Re: capturing on both interfaces simultaneously

[Guy Harris <guy () alum mit edu>]

On Dec 10, 2011, at 11:58 PM, Cedric Cellier wrote:

> > I got it to work.
> (...)
> > > default:           /* We got traffic */
> > > pcap_dispatch(pcap0,-1, (void *) packet_callback, NULL);
> > > pcap_dispatch(pcap1,-1, (void *) packet_callback2, NULL);
>
> So that other may benefit from it in the future, I
> guess your fixed version looks like:
>
> default:
>  if (t==pcap0) pcap_dispatch(pcap0,...)
>  else if (t==pcap1) pcap_dispatch(pcap1,...)

I would not guess that, because select() returns a count of the number of descriptors that are ready to read - it does 
not return one of the descriptors that are ready to read - and because pcap0 and pcap1 are pointers to pcap_t 
structures, not descriptors.

The right way to do this is

  pcap0 = pcap_open_live(device0, BUFSIZ, 1, -1, errbuf);
  if (pcap0 == NULL)
    /* report failure */
  pcap1 = pcap_open_live(device1, BUFSIZ, 1, -1, errbuf);
  if (pcap1 == NULL)
    /* report failure */
  /*
   * If this is being built with a version of libpcap that doesn't
   * include pcap_get_selectable_fd(), use pcap_fileno(), but be
   * prepared to be surprised if the devices don't happen to be
   * selectable or if you're running on Windows.
   */
  pcapfd0 = pcap_get_selectable_fd(pcap0);
  if (pcapfd0 == -1)
    /* fail with an indication that you can't select on device0 */
  pcapfd1 = pcap_get_selectable_fd(pcap1);
  if (pcapfd1 == -1)
    /* fail with an indication that you can't select on device1 */

  for(;;)
    {

    /* If you include STDIN_FILENO, be sure to read from it when you get
       traffic from it, or select will return every time it is called,
       since there will still be traffic waiting there.
    */

    FD_ZERO(&fd_wait);
    //FD_SET(STDIN_FILENO, &fd_wait);
    FD_SET(pcapfd0, &fd_wait);
    FD_SET(pcapfd1, &fd_wait);

    st.tv_sec  = 1;
    st.tv_usec = 0;   /* 1000 = 1 second */

    t=select(FD_SETSIZE, &fd_wait, NULL, NULL, &st);
    printf("t is %d\n",t);
    switch(t)
      {
      case -1:      /* Something went really wrong */
        printf("select failed: %s\n", strerror(errno));
        exit(1);

      case  0:      /* We timed out, no trafffic */
        printf( " Time out ! \n");
        break;

      default:      /* We got traffic */
        //if (FD_ISSET(STDIN_FILENO, &fd_wait))
        //  process information from the standard input
        if (FD_ISSET(pcapfd0, &fd_wait))
          {
          if (pcap_dispatch(pcap0,-1, (void *) packet_callback, NULL) == -1)
            /* report an error processing packets from device0 */
          }
        if (FD_ISSET(pcapfd1, &fd_wait))
          {
          if (pcap_dispatch(pcap1,-1, (void *) packet_callback2, NULL) == -1)
            /* report an error processing packets from device0 */
          }
      }
    }
-
This is the tcpdump-workers list.
Visit https://cod.sandelman.ca/ to unsubscribe.