tcpdump mailing list archives

Previous By Date Next
Previous By Thread Next

Not receiving packets on Solaris, but no problems on Linux and BSD

From: "roy hills" <royhills () hotmail com>
Date: Fri, 30 Mar 2007 10:52:37 +0100
I'm having problems with libpcap on Solaris, but the same program works fine on Linux and FreeBSD. I suspect that there is some difference between the DLPI and packet socket/BPF implementations that's causing the problem.
The code works fine on Linux (Debian sarge), FreeBSD 6.1, OpenBSD 3.9 and NetBSD 3.0.1.
On Solaris 9 / SPARC with libpcap 0.9.5, the program compiles and runs without error, but never receives any packets.
The pcap code goes like this. I've ommitted all the error-handling and non-pcap bits to simplify things:
First, we initialise pcap. Here, PROMISC is 0, TO_MS is 0 (but I've also tried 1, which doesn't make any difference), and ARP_PCAP_BPF is defined on BPF systems (BSD). We don't need promiscuous mode, as all the packets we need are sent to the host running the program. The filter_string is something like "arp and ether dst 00:02:b3:bb:5c:11". 

pcap_handle = pcap_open_live(if_name, snaplen, PROMISC, TO_MS, errbuf)
pcap_fd=pcap_fileno(pcap_handle)
pcap_setnonblock(pcap_handle, 1, errbuf)
#ifdef ARP_PCAP_BPF
ioctl(pcap_fd, BIOCIMMEDIATE, &one)
#endif
pcap_lookupnet(if_name, &localnet, &netmask, errbuf)
pcap_compile(pcap_handle, &filter, filter_string, OPTIMISE, netmask)
pcap_setfilter(pcap_handle, &filter)
Do I need to set the pcap_fd non-blocking for DLPI like I do for BPF I wonder?
Then we repeatedly call select() to see if there is anything to read on pcap_fd, and if there is we call pcap_dispatch to process it. For BPF, we call pcap_dispatch even if the select() times out, because I've found that many (maybe all?) BPF systems don't indicate when the BPF discriptor is ready. I've tried this same trick on Solaris, but it doesn't seem to help. 

I've included all the code from this bit:

  n = select(s+1, &readset, NULL, NULL, &to);
  if (n < 0) {
     err_sys("select");
  } else if (n == 0) {
/*
* For the BPF pcap implementation, we call pcap_dispatch() even if select
* times out. This is because on many BPF implementations, select() doesn't
* indicate if there is input waiting on a BPF device.
*/
#ifdef ARP_PCAP_BPF
     if ((pcap_dispatch(pcap_handle, -1, callback, NULL)) < 0)
        err_sys("pcap_dispatch: %s\n", pcap_geterr(pcap_handle));
#endif
     return;   /* Timeout */
  }
  if ((pcap_dispatch(pcap_handle, -1, callback, NULL)) < 0)
     err_sys("pcap_dispatch: %s\n", pcap_geterr(pcap_handle));
Can anyone give some guidance on how DLPI works differently in this situation (i.e. using select() and pcap_dispatch())? I suspect that the problem may be buffering, as the program does not normally receive many packets. 

Regards,

Roy

_________________________________________________________________
Get Hotmail, News, Sport and Entertainment from MSN on your mobile. http://www.msn.txt4content.com/ 

-
This is the tcpdump-workers list.
Visit https://cod.sandelman.ca/ to unsubscribe.
Previous By Date Next
Previous By Thread Next

Current thread: