tcpdump mailing list archives
Re: Is libpcap pcap_set_buffer_size() == winpcap
From: Chris Morgan <chmorgan () gmail com>
Date: Thu, 3 Sep 2009 13:20:27 -0400
On Thu, Sep 3, 2009 at 1:04 PM, Guy Harris<guy () alum mit edu> wrote:
> On Sep 3, 2009, at 9:13 AM, Chris Morgan wrote:
>
>> A user of SharpPcap is asking if we support pcap_setbuff(). Apparently this is a WinPcap-specific option.
>
> Yes. The problem is that not all platforms atop which libpcap runs can support setting the buffer size after you've opened a network interface for capturing - BPF won't let you change the buffer size on a /dev/bpf* device once you've bound it to an interface. The WinPcap people added pcap_setbuff(), but the code whose buffer size it changes is their code, so they could make it work however they wanted; the capture code libpcap uses is part of the UN*X systems on which it runs.
>
>> I was wondering if pcap_set_buffer_size() was the same as pcap_setbuff().
>
> "The same" in what sense? They are used differently.
>
> Libpcap 1.x, in order to allow more options to be specified when a network interface is opened for capturing, split pcap_open_live() into pcap_create(), which creates a "non-activated" pcap_t, on which options can be set but upon which capturing cannot be done, and pcap_activate(), which "activates" the pcap_t so that you can capture on it. One option that can be set between creation and activation is the buffer size; that even works on systems that use BPF for capturing, as the /dev/bpf* device isn't opened, much less bound to an interface, until the pcap_t is activated.
>
> So, to set the buffer size when you open an interface, you do
>
>     pd = pcap_create(...);
>     if (pd == NULL)
>         fail;
>     ...
>     status = pcap_set_buffer_size(pd, buffer_size);
>     if (status != 0)
>         fail;
>     ...
>     status = pcap_activate(pd);
>     if (status != 0)
>         fail;
>
> pcap_setbuff() takes an opened pcap_t as an argument, so it can only be called *after* the interface has been opened, so, to set the buffer size on Windows after you open an interface, you do
>
>     pd = pcap_open_live(...);
>     if (pd == NULL)
>         fail;
>     if (pcap_setbuff(pd, buffer_size) == -1)
>         fail;
>
> or, in WinPcap 4.1 (at least as of 4.1b5 - I don't know which version first picked up pcap_create() and pcap_activate()):
>
>     pd = pcap_create(...);
>     if (pd == NULL)
>         fail;
>     ...
>     status = pcap_activate(pd);
>     if (status != 0)
>         fail;
>     if (pcap_setbuff(pd, buffer_size) == -1)
>         fail;
>
>> If so, are there any plans to unify the API for increased cross platform code portability?
>
> WinPcap 4.1 (again, at least as of 4.1b5) has pcap_set_buffer_size(), so you can do
>
>     pd = pcap_create(...);
>     if (pd == NULL)
>         fail;
>     ...
>     status = pcap_set_buffer_size(pd, buffer_size);
>     if (status != 0)
>         fail;
>     ...
>     status = pcap_activate(pd);
>     if (status != 0)
>         fail;
>
> on Windows with WinPcap 4.1 and on UN*Xes if you have libpcap 1.x.
>
> libpcap will not pick up pcap_setbuff() as it cannot be implemented on all platforms (no *BSD, AIX, or Mac OS X) and as it has pcap_set_buffer_size().
> -
> This is the tcpdump-workers list.
> Visit https://cod.sandelman.ca/ to unsubscribe.

Ahh. Thank you again for this detailed information. I'm asking the user if pcap_set_buffer_size() will work for them. If it does we can implement that interface and we'll be able to have the same API that works the same across Windows, Mac, Linux platforms, keeping things simple for everyone.

Chris
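
The create / set buffer size / activate sequence from the quoted reply, as an added example that is not code from this thread. The four functions are looked up with dlopen(), so the same binary also reports a library that predates pcap_create() instead of failing to link. The library name libpcap.so.1, the device eth0, the 4 MiB size and the names try_buffer_size and bufsize_result are assumptions; on Windows the lookups would go through LoadLibrary()/GetProcAddress().

```c
/* Added example, not code from this thread. POSIX only (dlopen);
 * the result codes below are hypothetical names for this example. */
#include <dlfcn.h>
#include <stdio.h>

typedef struct pcap pcap_t;                 /* opaque handle, as in pcap.h */
typedef pcap_t *(*create_fn)(const char *, char *);
typedef int (*set_size_fn)(pcap_t *, int);
typedef int (*activate_fn)(pcap_t *);
typedef void (*close_fn)(pcap_t *);

enum bufsize_result { OPENED = 0, NO_LIBRARY, NO_CREATE_API, CREATE_FAILED,
                      SET_FAILED, ACTIVATE_FAILED };

/* Run create -> set buffer size -> activate on dev, then close the handle
 * again. lib == NULL searches the symbols already loaded in the process. */
enum bufsize_result try_buffer_size(const char *lib, const char *dev, int size)
{
    char errbuf[256];                       /* PCAP_ERRBUF_SIZE is 256 */
    enum bufsize_result r = OPENED;
    void *h = dlopen(lib, RTLD_NOW | RTLD_LOCAL);
    if (h == NULL)
        return NO_LIBRARY;
    create_fn create = (create_fn)dlsym(h, "pcap_create");
    set_size_fn set_size = (set_size_fn)dlsym(h, "pcap_set_buffer_size");
    activate_fn activate = (activate_fn)dlsym(h, "pcap_activate");
    close_fn close_pd = (close_fn)dlsym(h, "pcap_close");
    if (!create || !set_size || !activate || !close_pd) {
        dlclose(h);
        return NO_CREATE_API;               /* library predates libpcap 1.x */
    }
    pcap_t *pd = create(dev, errbuf);
    if (pd == NULL)
        r = CREATE_FAILED;
    else if (set_size(pd, size) != 0)       /* only valid before activation */
        r = SET_FAILED;
    else if (activate(pd) < 0)              /* < 0 error, > 0 warning only */
        r = ACTIVATE_FAILED;
    if (pd != NULL)
        close_pd(pd);                       /* also needed after a failure */
    dlclose(h);
    return r;
}

int main(void)
{
    /* Assumed library and device names for a Linux host. */
    printf("result: %d\n", try_buffer_size("libpcap.so.1", "eth0", 4 << 20));
    return 0;
}
```

Activation normally needs capture privileges, so an unprivileged run is expected to end in ACTIVATE_FAILED rather than OPENED.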