Re: Help regarding Packet Arrival event in libpcap

[Guy Harris <guy () alum mit edu>]

Tassadaque Zia wrote:

> I am using libpcap. I want to perform a task as packet arrive on
> network interface. which method of libpap should i use to capture the
> "packet arrival event"

Libpcap doesn't deliver events, it delivers packets.

Therefore, you should just read packets with, for example, 
pcap_next_ex().  If you don't care about the contents of the packets, 
set the snapshot length to 68 bytes or so when you open the device.

Note, however, that, by default, libpcap arranges to buffer packets if 
the platform supports that, so that, instead of delivering packets 
immediately, it waits for a buffer full of packets to arrive, or for a 
timer to expire.

Therefore, if you want to see packets as soon as they arrive:

	on {Free,Net,Open,DragonFly}BSD and Mac OS X, you would need to do a 
BIOCIMMEDIATE ioctl on the file descriptor you get from pcap_fileno() on 
the pcap_t;

	on Solaris, you would need to do an SBIOCSTIME ioctl on the 
pcap_fileno() descriptor to set the timeout to 0;

	on Linux, I'm not sure what you'd do with versions of libpcap that 
support the memory-mapped ring buffer;

	on Digital/Tru64 UNIX, there's some call you'd have to make, but I 
don't remember what it is;

	on Windows with WinPcap, there's some call you'd have to make, but I 
don't remember what it is.
-
This is the tcpdump-workers list.
Visit https://cod.sandelman.ca/ to unsubscribe.