tcpdump mailing list archives

Re: error executing ksniff with libpcap 1.0.0


From: Guy Harris <guy () alum mit edu>
Date: Sun, 16 Nov 2008 14:11:20 -0800


On Nov 16, 2008, at 1:09 PM, Giovanni Venturi wrote:

> Till libpcap < 1.0.0 (the last stable you released) all was ok in the packet
> capture, but now I get the following error message:
>
> can't create rx ring on packet socket 4: 92-Protocol not available
>
> What does it mean?

It means that

1) you're running on Linux;

2) the system on which libpcap was compiled has headers that support memory-mapped ring-buffer access to a PF_PACKET socket;

3) the kernel system on which libpcap is running doesn't have support for memory-mapped ring-buffer access built into the kernel;

4) somehow that causes pcap_open_live() to fail, rather than just falling back on reading from the PF_PACKET socket in the normal fashion.

If so, that's a libpcap bug; I'll try debugging it.

> I read that:
> «To open a handle for a live capture, call pcap_create(), set the appropriate options on the handle, and then activate it with pcap_activate(). To open a handle for a ``savefile'' with captured packets, call pcap_open_offline(). Both pcap_create() and pcap_open_offline() return a pointer to a pcap_t, which is the handle used for reading packets from the capture stream or the ``savefile'', and for finding out information about the capture stream or ``savefile''.»
>
> This means I don't need "pcap_open_live" anymore?

It means that if you don't care whether your application runs on versions of libpcap prior to 1.0.0 - and thus don't care whether your application will run on most if not all current releases of most Linux distributions, most if not all current *BSD releases, AIX 5.x, or all current Mac OS X releases, without replacing the system libpcap - you don't need pcap_open_live() any more.

However, if you *do* care whether it runs on those releases, you still need to use pcap_open_live(), as versions of libpcap prior to 1.0.0 don't have pcap_create() or pcap_activate(). pcap_open_live() still works in libpcap 1.0.0, although it doesn't support setting the buffer size for the pcap_t (you'd have to do it yourself in a platform-dependent fashion, and you can't do it at all on *BSD and Mac OS X) or setting monitor mode.
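Added example, not part of the message above and not libpcap's own code: a Linux probe that requests an RX ring on a PF_PACKET socket and treats ENOPROTOOPT (the "Protocol not available" in the reported error) as "use ordinary reads" rather than as a fatal error, which is the fallback described in point 4. The function and enum names and the ring sizes are assumptions made for this example.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <arpa/inet.h>        /* htons() */
#include <sys/socket.h>
#include <linux/if_ether.h>   /* ETH_P_ALL */
#include <linux/if_packet.h>  /* PACKET_RX_RING, struct tpacket_req */

/* Hypothetical names for this example; not libpcap identifiers. */
enum ring_result { RING_MMAP, RING_FALLBACK_RECV, RING_FATAL };

/* Map the errno from setsockopt(PACKET_RX_RING) to what the caller should do. */
enum ring_result classify_ring_errno(int err)
{
    if (err == 0)
        return RING_MMAP;            /* kernel accepted the ring request */
    if (err == ENOPROTOOPT)
        return RING_FALLBACK_RECV;   /* no ring support: read the socket normally */
    return RING_FATAL;               /* e.g. EINVAL or ENOMEM: a real error */
}

/* Returns a ring_result, or -1 if the packet socket could not be opened
 * (typically EPERM without CAP_NET_RAW). *err_out receives the errno. */
int probe_rx_ring(int *err_out)
{
    struct tpacket_req req;
    long page = sysconf(_SC_PAGESIZE);
    int fd = socket(PF_PACKET, SOCK_RAW, htons(ETH_P_ALL));

    *err_out = 0;
    if (fd < 0) { *err_out = errno; return -1; }
    memset(&req, 0, sizeof(req));
    req.tp_block_size = (unsigned int)page;  /* must be a multiple of the page size */
    req.tp_block_nr   = 4;                   /* constructed sizes for the probe */
    req.tp_frame_size = 2048;
    req.tp_frame_nr   = req.tp_block_nr * (req.tp_block_size / req.tp_frame_size);
    if (setsockopt(fd, SOL_PACKET, PACKET_RX_RING, &req, sizeof(req)) < 0)
        *err_out = errno;
    close(fd);                               /* closing the socket releases the ring */
    return classify_ring_errno(*err_out);
}

int main(void)
{
    int err, r = probe_rx_ring(&err);
    printf("result=%d errno=%d (%s)\n", r, err, strerror(err));
    return r == RING_FATAL;
}
```

Opening the packet socket needs root or CAP_NET_RAW; without it the probe returns -1 and reports the errno from socket().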