tcpdump mailing list archives
Re: Packet arrival order
From: Eloy Paris <peloy () chapus net>
Date: Tue, 3 Apr 2007 07:47:39 -0400
Hi Roy, On Tue, Apr 03, 2007 at 09:51:16AM +0100, roy hills wrote:
I am running a local pcap application on a Solaris host, capturing only packets going to and from a specific interface. Sometimes I see several packets coming in, in a row, and then several packets going out, in a row, from that interface.I think you are seeing the same problem that I have described in my posting "Not receiving packets on Solaris, but no problems on Linux and BSD". I think what we both need is the Solaris/DLPI equivalent to the BSD/BPF BIOCIMMEDIATE ioctl. In my situation, I wrote a program (arp-scan) using libpcap on Linux, and it worked fine. When I ported it to BSD I needed to use the BIOCIMMEDIATE ioctl to avoid BPF buffering. I'm now porting it to Solaris and am not receiving packets, so I suspect that I need the appropriate method to avoid buffering in DLPI.
I've also had problems with Solaris. In my opinion it's not the best platform for capturing packets in real-time. In Network Expect (http://www.netexpect.org) I am currently using the following code, which I borrowed from another open source project (can't remember which): ---------------------------------------------------------------------- #if __sun__ /* * Under Solaris, select() keeps waiting until the next packet, * because it is buffered, so we have to set timeout and * chunk size to zero */ { int size_zero = 0; struct timeval time_zero = {0, 0}; if (ioctl(fd, SBIOCSCHUNK, &size_zero) < 0) warn("ioctl() with SBIOCSCHUNK returned an error (%d): %s", errno, strerror(errno) ); if (ioctl(fd, SBIOCSTIME, &time_zero) < 0) warn("ioctl() with SBIOCSTIME returned an error (%d): %s", errno, strerror(errno) ); } #endif ---------------------------------------------------------------------- Can you give it a try and let us know if it makes any difference in your program? If I remember correctly this makes things "pseudo work" since now select() will return immediately but regardless of whether there's data ready to be read. But at least this is better than select() not returning at all since your code can check for select()'s return value and read data if there's something to read or go back to select() if there's nothing. As I said, Solaris behaves really weird when using select() on a libpcap packet capture descriptor. I can't explain it. Cheers, Eloy Paris.- - This is the tcpdump-workers list. Visit https://cod.sandelman.ca/ to unsubscribe.
Current thread:
- Packet arrival order Ury Segal (Apr 02)
- Re: Packet arrival order roy hills (Apr 03)
- Re: Packet arrival order Eloy Paris (Apr 03)
- Re: Packet arrival order roy hills (Apr 03)
- Re: Packet arrival order Eloy Paris (Apr 03)
- Re: Packet arrival order roy hills (Apr 03)
- Re: Packet arrival order Eloy Paris (Apr 03)
- Re: Packet arrival order Eloy Paris (Apr 03)
- Re: Packet arrival order roy hills (Apr 03)
- Re: Packet arrival order Eloy Paris (Apr 03)