Re: forcing pcap_loop() failures

[Guy Harris <guy () alum mit edu>]

On Oct 18, 2006, at 3:41 PM, Alexander Dupuy wrote:

> You really want to use select() (or poll() if your operating system  
> doesn't support select()) instead of a CPU polling loop.  You can  
> use pcap_get_selectable_fd() to get the underlying file descriptor  
> on a Unix system (won't work on Windows, but neither will the "any"  
> interface).  Whenever select() indicates that a pcap fd can be read,  
> call pcap_dispatch() to handle any packets, then return to the  
> select() call.

Note that in some systems with BPF (older versions of  
{Free,Net,Open,Dragonfly}BSD, current versions of Mac OS X), select()  
(and poll()) don't work correctly on BPF devices, and so you have to  
work around that.  (Note also that poll() doesn't work on *ANY*  
character special file, including BPF devices but also including ttys/ 
ptys, in OS X 10.4[.x], i.e. Tiger.)

The workaround is to

        1) put the pcap_t into non-blocking mode (use pcap_setnonblock());

	2) use the timeout value you used when opening as the timeout value  
for select();

	3) call pcap_dispatch() if the timeout expires, not just if select()  
says the pcap FD is readable.

(And, as indicated, do *NOT* use poll() if you can avoid it, as, in OS  
10.4[.x], you can't use poll() on the descriptor you get from  
pcap_get_selectable_fd().  Note that the GLib and thus GTK+ main loop  
uses poll(), not select.)
-
This is the tcpdump-workers list.
Visit https://cod.sandelman.ca/ to unsubscribe.