Re: Packet arrival order

[Eloy Paris <peloy () chapus net>]

Hi Roy,

On Tue, Apr 03, 2007 at 09:51:16AM +0100, roy hills wrote:

> > I am running a local pcap application on a Solaris host, capturing
> > only packets going to and from a specific interface. Sometimes I see
> > several packets coming in, in a row, and then several packets going
> > out, in a row, from that interface.
>
> I think you are seeing the same problem that I have described in my
> posting "Not receiving packets on Solaris, but no problems on Linux
> and BSD".
>
> I think what we both need is the Solaris/DLPI equivalent to the
> BSD/BPF BIOCIMMEDIATE ioctl.
>
> In my situation, I wrote a program (arp-scan) using libpcap on Linux,
> and it worked fine. When I ported it to BSD I needed to use the
> BIOCIMMEDIATE ioctl to avoid BPF buffering. I'm now porting it to
> Solaris and am not receiving packets, so I suspect that I need the
> appropriate method to avoid buffering in DLPI.

I've also had problems with Solaris. In my opinion it's not the
best platform for capturing packets in real-time. In Network Expect
(http://www.netexpect.org) I am currently using the following code,
which I borrowed from another open source project (can't remember
which):

----------------------------------------------------------------------
#if __sun__
    /*
     * Under Solaris, select() keeps waiting until the next packet,
     * because it is buffered, so we have to set timeout and
     * chunk size to zero
     */
    {
        int size_zero = 0;
        struct timeval time_zero = {0, 0};

        if (ioctl(fd, SBIOCSCHUNK, &size_zero) < 0)
            warn("ioctl() with SBIOCSCHUNK returned an error (%d): %s",
                 errno, strerror(errno) );

        if (ioctl(fd, SBIOCSTIME, &time_zero) < 0)
            warn("ioctl() with SBIOCSTIME returned an error (%d): %s",
                 errno, strerror(errno) );
    }
#endif
----------------------------------------------------------------------

Can you give it a try and let us know if it makes any difference in your
program?

If I remember correctly this makes things "pseudo work" since now
select() will return immediately but regardless of whether there's
data ready to be read. But at least this is better than select() not
returning at all since your code can check for select()'s return value
and read data if there's something to read or go back to select() if
there's nothing.

As I said, Solaris behaves really weird when using select() on a libpcap
packet capture descriptor. I can't explain it.

Cheers,

Eloy Paris.-
-
This is the tcpdump-workers list.
Visit https://cod.sandelman.ca/ to unsubscribe.