Re: Nsock has trouble handling pcap reads on Windows

[David Fifield <david () bamsoftware com>]

On Tue, Aug 03, 2010 at 03:28:39PM +0200, Luis MartinGarcia wrote:
> I've detected that Nsock has trouble handling pcap read events on
> Windows. The thing is that on Windows, the pcap descriptor is not
> selectable. Therefore, when Nsock waits for an event, with fselect(),
> it does not detect new packets being captured until the fselect() call
> times out and the pcap descriptor is checked for new data. This way,
> if we schedule a pcap read event like this:
>
> nsock_pcap_read_packet(nsp, pcap_nsi, pcap_event_handler, 10000, NULL)
> // Timeout 10s
> nsock_loop(nsp, 5000); // Timeout 5s
>
> Nsock does not call pcap_event_handler() until the nsock_loop()  times
> out after 5s, even if we captured a hundred packets in the meantime.
> To solve this, we need to detect when a pcap read event has been
> scheduled, and make any select() call to timeout quickly, so the pcap
> descriptor can be polled often, and nsock delivers captured packets to
> the application, as soon as possible.
>
> I attach a patch that should fix this problem. Please let me know if
> you have any comments.

The concept of the patch looks right. Instead of adding a new pcap_reads
member, see if you can test whether the list nsp->evl.pcap_read_events
is empty.

In this part of the patch:

+#if HAVE_PCAP
+    #ifndef PCAP_CAN_DO_SELECT
+        /* Force a low timeout when capturing packets on systems where
+         * the pcap descriptor is not select()able. */
+        if(ms->pcap_reads>0){
+            event_msecs=PCAP_POLL_INTERVAL;
+        }
+    #endif
+#endif

you should not increase event_msecs, only decrease it. So if event_msecs
is 1 for example, it should not be increased to 2.

With these changes you can commit the patch.

David Fifield
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/