Re: libpcap & poll()

[Ben Greear <greearb () candelatech com>]

Aaron Turner wrote:
> On Thu, Nov 13, 2008 at 8:15 PM, Ben Greear <greearb () candelatech com> wrote:
>   
> > I guess you have some way of knowing you are reading a packet you just wrote
> > so that you don't do this in a loop?
> >     
>
> Yep.  Basically it's a software bridge (two interfaces, copying all
> packets from one interface to the other) I track the source MAC
> address so I know which direction a packet should go.
>   
I pretty much do the same, but I'm overly paranoid and actually store 
the entire packet
in a queue and compare against those to stop retransmits on Solaris.  
(You typically
immediately read what you just wrote, so the queue comparison usually 
just pops off
the top packet).   On Windows, you can use winpcap and it has the 
ability to not receive what it sends.

On Linux, as mentioned, I just use raw packet sockets.
> > I do know that if you use a PF_PACKET socket, if you write to it you do not
> > read that packet back on the PF socket.  I'm not sure about using pcap to
> > read/write on Linux,
> > however.
> >     
>
> Interesting... Right now I'm using different handles for read & write
> so I see packets I send.  Obviously  not ideal, but if I could use the
> same handle for read & write that would help out a lot.
>   
Well, in a bridge you have to bind to two interfaces, so you'll read 
from one and
write to the other.  But, you should be able to do this with only two 
pcap sockets
total.

If you get anything working on Windows, I'm interested to know your 
throughput.  I
can't get above about 10Mbps full duplex across my winpcap bridge...

Thanks,
Ben

--
Ben Greear <greearb () candelatech com> 
Candela Technologies Inc  http://www.candelatech.com


-
This is the tcpdump-workers list.
Visit https://cod.sandelman.ca/ to unsubscribe.