tcpdump mailing list archives

Previous By Date Next
Previous By Thread Next

Re: next release of libpcap

From: Guy Harris <guy () alum mit edu>
Date: Sun, 06 Apr 2008 12:45:39 -0700
Christian S.J. Peron wrote:

I have attached the patch that we have been using. This is a patch for the
libpcap code in FreeBSD -CURRENT right now.  It appears to work well, but
you folks might have some ideas for getting the necessary autoconf magic
in, as well make some possible architecture changes.

Some comments:
I've checked in changes to split pcap_open_live() into pcap_create() and pcap_activate(), so you can set various options before activating the capture handle; this means that the pcap_open_live() routine would need some changes. You should probably check out the main branch of libpcap with anonymous CVS and maintain your changes in that tree, so that checkins to CVS get propagated to your code.
You might want to include <sys/mman.h> and <sys/poll.h> only if you have memory-mapped BPF support, in case, for example, older versions of AIX don't have those headers.
Also, you're using select() rather than poll(); is there any need to include <sys/poll.h> at all?
You might want to put the structure members for memory-mapped mode into the "pcap_md" structure; I'm trying to move towards having only the stuff that's used for all capture types and for savefiles in the pcap_t structure, and move stuff specific to capturing into pcap_md (ultimately, I'd like to have the pcap_create() routines allocate structures with their platform-specific members, so that information doesn't have to be in pcap-int.h).
Also, there's no need for a "timeout" member of your own - just use "md.timeout".
pcap_t handles can be put into non-blocking mode; in that mode, pcap_next_zbuf() shouldn't call select(). See pcap-linux.c to see how that's done there - if it uses the memory-mapped ring buffer, it overrides the "get nonblocking mode" and "set nonblocking mode" methods, so that the "set" method sets "md.timeout" to a negative value in non-blocking mode, which is used as an indication that select() shouldn't be called, and the "get" method checks the value of "md.timeout" to see whether non-blocking mode is on or not.
pcap_close_common() shouldn't be modified - instead, you should, if memory-mapped BPF is being used, override the close method with your own routine in pcap-bpf.c, which would delete the mappings and then call pcap_close_common(). 
-
This is the tcpdump-workers list.
Visit https://cod.sandelman.ca/ to unsubscribe.
Previous By Date Next
Previous By Thread Next

Current thread: