tcpdump mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Questions about pcap_read() function

From: Guy Harris <guy () alum mit edu>
Date: Mon, 1 Oct 2007 18:09:39 -0700

On Oct 1, 2007, at 2:13 AM, Varuna De Silva wrote:
What if it has fewer than 3968 bytes available? Does the read return only what's available? 

It waits checking until it receives 3968 bytes and then read it in
Will it wait forever? If so, that might be a problem if fewer than 3968 bytes arrive initially, and it takes a very long time for the last of the 3968 bytes to arrive; that might mean that some SS7 frames won't be seen until a long time after they arrive - and, if more data *never* arrives, those SS7 frames won't *ever* be seen.
You should probably use the timeout argument to xxx_open_live(), and have it either
1) wait no longer than that amount of time after the read is done for 3968 bytes of data to arrive 

or
2) wait no longer than that amount of time after the first byte of data arrives for 3968 bytes of data to arrive.
If cnt is zero, keep processing frames and calling the callback routine until you run out of frames in the buffer. 

Since I hope to do a FT_Read() in every call to xxx_read()


You won't necessarily be able to do that.
I have to read all the frames in that buffer (3968 bytes), but I guess, I do not have control over cnt 
variable.


Correct.


It belongs to a higher layer sw ! is it?


Yes.  It belongs to the application that's using libpcap/WinPcap.
If so how will that piece of Higher layer SW, know to call my xxx_read() with a cnt value of zero or non-zero?
That's up to whoever writes the application. Code in libpcap/WinPcap has to be able to handle both zero and non-zero cnt values.
Will this reading a chunk of bytes together with reading one frame at a time for each frame in the chunk, work ? Or is it good for me to have a particular library which does all this filtering part and reading of chunks, (in the form of a dll for the moment) and access it?
I don't see any benefit to having that in a library separate from the libpcap/WinPcap library, unless you'd use it outside of libpcap/WinPcap. 
-
This is the tcpdump-workers list.
Visit https://cod.sandelman.ca/ to unsubscribe.
Previous By Date Next
Previous By Thread Next

Current thread: