tcpdump mailing list archives

Previous By Date Next
Previous By Thread Next

Re: pcaplib: pcap_stats() ps_recv value

From: alex medvedev <alexm () pycckue org>
Date: Mon, 21 Jul 2003 16:30:38 -0500 (CDT)
hi,

i am no specialist but pcap_loop() already does a loop for you.
:)
i would rewrite it like so:

#include <sys/types.h>
#include <stdio.h>
#include <pcap.h>

pcap_t * caph ;
struct pcap_stat ps ;
static int i = 0;
void phandler( u_char *, const struct pcap_pkthdr *, const u_char * ) ;

int main(void)
{
    char dev[] = "eth0" ;
    char ebuf[PCAP_ERRBUF_SIZE] ;

   caph = pcap_open_live( dev, BUFSIZ, 1, 0, ebuf ) ;

   pcap_loop( caph, -1, phandler, NULL ) ;

    pcap_close( caph ) ;
    return 0 ;
}

void phandler( u_char * args, const struct pcap_pkthdr * phdr, const
u_char
* pkt )
{
        i++;
        if (i==100) {
                (void)pcap_stats(caph, &ps);
                printf( "Recv: %d\tDropped: %d\n", ps.ps_recv, ps.ps_drop);
                i = 0;
        }
}

-alexm
--
÷Ï ÉÍÑ ÐÒÏÃÅÓÓÁ-ÏÔÃÁ, ÐÒÏÃÅÓÓÁ-ÓÙÎÁ É Ó×ÑÔÁÇÏ root'Á... Enter!

On Mon, 21 Jul 2003, Richard rh310 wrote:


SuSE Linux 8.2, Intel P4 3.xx GHz, 512MB RAM, "stock" pcaplib on SuSE
distribution, 10MB 802.3 at about 2% utiliization.  GNU gcc 3.3.

I'm trying to use pcap_stats() to track the number of packet receives and
drops, but the number received isn't what I expect and so I'm not sure I
trust the count of drops.  Sample code:

#include <sys/types.h>
#include <stdio.h>
#include <pcap.h>

void phandler( u_char *, const struct pcap_pkthdr *, const u_char * ) ;

int main(void)
{
    int i ;
    pcap_t * caph ;
    char dev[] = "eth0" ;
    struct pcap_stat ps ;
    char ebuf[PCAP_ERRBUF_SIZE] ;

   caph = pcap_open_live( dev, BUFSIZ, 1, 0, ebuf ) ;

   i = 0 ;
   while (1)
   {
        pcap_loop( caph, -1, phandler, NULL ) ;

        /* get stats every 100 packets */
        if ( i == 100 )
        {
             pcap_stats( caph, &ps ) ;
             printf( "Recv: %d\tDropped: %d\", ps.ps_recv, ps.ps_drop ) ;
             i = 0 ;
             continue ;
        }
        i++ ;
    }

    pcap_close( caph ) ;
    return 0 ;
}

void phandler( u_char * args, const struct pcap_pkthdr * phdr, const u_char
* pkt )
{
     /* nop for now */
     return 0 ;
}

Now, sometimes this program just sits there without generating any output at
all (blocked on recv_from), and other times it outputs:

Recv: 101     Drops: 0
Recv: 101     Drops: 0
Recv: 101     Drops: 0
Recv: 101     Drops: 0
Recv: 101     Drops: 0
Recv: 101     Drops: 0
...

tcpdump summary output from about 2 seconds of running tcpdump:

12012 packets received by filter
3303 packets dropped by kernel

...so there's data on the network, and there are dropped packets--and
pcap_stats doesn't seem to be telling me anything much about either.  About
98% of the traffic is unicast to the machine all this is running on, so even
if someone the interface isn't going promisc there still should be more than
I'm seeing in the output.

Anyway, I'm scratching my head over both the tendency to block on recv_from,
and to apparently mis-report the count of packets received and dropped.

Richard

_________________________________________________________________
STOP MORE SPAM with the new MSN 8 and get 2 months FREE*
http://join.msn.com/?page=features/junkmail

-
This is the TCPDUMP workers list. It is archived at
http://www.tcpdump.org/lists/workers/index.html
To unsubscribe use mailto:tcpdump-workers-request () tcpdump org?body=unsubscribe





-
This is the TCPDUMP workers list. It is archived at
http://www.tcpdump.org/lists/workers/index.html
To unsubscribe use mailto:tcpdump-workers-request () tcpdump org?body=unsubscribe
Previous By Date Next
Previous By Thread Next

Current thread: