tcpdump mailing list archives
Re: Compatibility Libpcap/Winpcap and timout of
From: Guy Harris <guy () alum mit edu>
Date: Tue, 27 Jan 2009 18:10:01 -0800
On Jan 27, 2009, at 5:14 PM, Aaron Turner wrote:
What is the solution on *BSD/OS X where you want a timeout
If you want a timeout, in the sense of something that means that you'll *never* block forever waiting for packets to arrive, then:
if you *only* care about platforms where the timer starts when the read starts - i.e., you don't care about, for example, Solaris or Linux - you can use the libpcap timeout;
if you *do* care about those platforms, you have to use select() (or poll(), if you don't care about OS X) even if you *aren't* trying to multiplex I/O on multiple pcap_t's or on one or more pcap_t's and other input sources. See below for the rules on using select() or poll().
or need to listen on multiple pcap_t handles?
If1) you only care about sufficiently recent version of *BSD, not about older BSDs where select() doesn't work right with BPF devices
and
2) you don't care about Mac OS X
just use select() or poll().
If you care about the older versions of various BSDs, or about Mac OS
X, then:
1) unless you don't care about Mac OS X after 10.3, don't use poll() (which means you can't use, for example, the GLib event loop) and don't use kqueues (as neither of those work with *any* character special files on OS X releases starting with 10.4 - this includes ttys as well);
2) put all the pcap_t's into non-blocking mode;
3) use select(), and put a timeout in the select() call;
4) attempt to read from all of the pcap_t's *regardless* of whether
select() says they're readable or not (that's why you put them into
non-blocking mode).
Note that this is the right way to handle multiple pcap_t's on *all* UN*Xes, regardless of how the timeout happens to work on particular platforms; don't use the timeout to do multiplexing.
Note also that, if the version of libpcap you're using has pcap_get_selectable_fd(), use that to get the file descriptor to use with select() or poll(); otherwise, use pcap_fileno().
On Windows, if you're trying to multiplex multiple pcap_t's, or one or more pcap_t's and other event sources, use WaitForMultipleObjects()/ WaitForMultipleObjectsEx()/MsgWaitForMultipleObjects()/ MsgWaitForMultipleObjectsEx(); use pcap_getevent() to get the event handle for a pcap_t.
- This is the tcpdump-workers list. Visit https://cod.sandelman.ca/ to unsubscribe.
Current thread:
- Compatibility Libpcap/Winpcap and timout of pcap_next_ex(). Benoit (Jan 27)
- Re: Compatibility Libpcap/Winpcap and timout of pcap_next_ex(). Guy Harris (Jan 27)
- Re: Compatibility Libpcap/Winpcap and timout of Matthew Luckie (Jan 27)
- Re: Compatibility Libpcap/Winpcap and timout of Guy Harris (Jan 27)
- Re: Compatibility Libpcap/Winpcap and timout of Aaron Turner (Jan 27)
- Re: Compatibility Libpcap/Winpcap and timout of Guy Harris (Jan 27)
- Re: Compatibility Libpcap/Winpcap and timout of Benoit (Jan 28)
- Re: Compatibility Libpcap/Winpcap and timout of Guy Harris (Jan 28)
- Re: Compatibility Libpcap/Winpcap and timout of Matthew Luckie (Jan 27)
- Re: Compatibility Libpcap/Winpcap and timout of pcap_next_ex(). Guy Harris (Jan 27)