tcpdump mailing list archives
Re: How to tell if application is handling packets
From: Chris Morgan <chmorgan () gmail com>
Date: Sat, 26 Dec 2009 22:41:30 -0500
On Sat, Dec 26, 2009 at 6:53 PM, Guy Harris <guy () alum mit edu> wrote:
> On Dec 26, 2009, at 3:13 PM, Chris Morgan wrote:
>
>> Ahh, so ps_drop might work for this. Users are reporting issues on Windows with the latest winpcap release but I do a lot of my testing under Linux, Ubuntu 9.10, 2.6.31 x64. I'd be doing the drop testing under Linux initially. On Linux it's pcap version 2.4 from pcap.h although the package is listed as version 0.8.
>
> Actually, it's file format version 2.4. Somewhat confusingly, PCAP_VERSION_MAJOR and PCAP_VERSION_MINOR are the major and minor version numbers of the pcap file format, not of the pcap library.

Doh. I've attached a patch that adds a short comment to describe those values so I, and maybe others, don't run into the same issue again.

> The best way to get the version number of the libpcap library is probably to run "tcpdump -h":
>
>     $ tcpdump -h
>     tcpdump version 4.0.0
>     libpcap version 1.0.0
>     Usage: tcpdump [-aAdDefIKlLnNOpqRStuUvxX] [ -B size ] [ -c count ]
>                     [ -C file_size ] [ -E algo:secret ] [ -F file ] [ -G seconds ]
>                     [ -i interface ] [ -M secret ] [ -r file ]
>                     [ -s snaplen ] [ -T type ] [ -w file ] [ -W filecount ]
>                     [ -y datalinktype ] [ -z command ] [ -Z user ]
>                     [ expression ]
>
> and, yes, even with a package listed as version 0.8, the libpcap version might be something else - for some reason, Debian (and Ubuntu) call it "libpcap 0.8" even though they've upgraded to a later version of the library.

Ahh. That's pretty silly of them. I should report that as an Ubuntu or Debian bug...

    cmorgan@cmorgan-laptop:~/sharppcap_git/Test/bin/Debug$ tcpdump -h
    tcpdump version 4.0.0
    libpcap version 1.0.0

> Alternatively, if libpcap on your system has the pcap_lib_version() routine, it returns a pointer to a character string giving the version number of libpcap, so your application could use that (that's what tcpdump uses, if available). Otherwise, the library might define an external variable "pcap_version", which is a char array ("extern char pcap_version[]") with a string containing a version number for libpcap (again, that's what tcpdump uses if it's available and pcap_lib_version() isn't).
>
> - This is the tcpdump-workers list. Visit https://cod.sandelman.ca/ to unsubscribe.

Yes, right. I was aware of pcap_lib_version() but it required more effort to call that routine than look in the header file and get confused :-)

Chris

Attachment:
0001-Add-a-comment-to-describe-PCAP_VERSION_MAJOR-and-PCA.patch
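
The point made in the thread, that PCAP_VERSION_MAJOR and PCAP_VERSION_MINOR describe the savefile format rather than the library, can be checked against a capture file's own header. The following is an added example, not part of the original thread or of libpcap: it parses the 24-byte global header of a classic pcap savefile, and `parse_pcap_header`, `struct pcap_hdr_info` and the two sample headers are names and data constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define PCAP_MAGIC         0xa1b2c3d4u /* magic, written in the capturing host's byte order */
#define PCAP_MAGIC_SWAPPED 0xd4c3b2a1u /* the same magic as seen by an opposite-endian reader */

struct pcap_hdr_info {                 /* hypothetical result type for this example */
    uint16_t fmt_major, fmt_minor;     /* savefile format version (2.4), not the libpcap release */
    uint32_t snaplen, linktype;
    int swapped;                       /* 1 if the file was written on an opposite-endian host */
};

/* Constructed sample headers (not from a real capture): format 2.4,
 * snaplen 65535, link type 1 (Ethernet), little- and big-endian writers. */
const unsigned char sample_le[24] = {0xd4,0xc3,0xb2,0xa1, 2,0, 4,0,
    0,0,0,0, 0,0,0,0, 0xff,0xff,0,0, 1,0,0,0};
const unsigned char sample_be[24] = {0xa1,0xb2,0xc3,0xd4, 0,2, 0,4,
    0,0,0,0, 0,0,0,0, 0,0,0xff,0xff, 0,0,0,1};

static uint16_t swap16(uint16_t v) { return (uint16_t)((v << 8) | (v >> 8)); }
static uint32_t swap32(uint32_t v) {
    return (v << 24) | ((v & 0xff00u) << 8) | ((v >> 8) & 0xff00u) | (v >> 24);
}

/* Returns 0 on success, -1 if the buffer is too short, -2 on an unknown magic. */
int parse_pcap_header(const unsigned char *buf, size_t len, struct pcap_hdr_info *out)
{
    uint32_t magic;
    if (len < 24) return -1;
    memcpy(&magic, buf, 4);
    if (magic == PCAP_MAGIC) out->swapped = 0;
    else if (magic == PCAP_MAGIC_SWAPPED) out->swapped = 1;
    else return -2;
    memcpy(&out->fmt_major, buf + 4, 2);   /* version_major */
    memcpy(&out->fmt_minor, buf + 6, 2);   /* version_minor */
    memcpy(&out->snaplen, buf + 16, 4);    /* after thiszone and sigfigs */
    memcpy(&out->linktype, buf + 20, 4);
    if (out->swapped) {                    /* normalise to host byte order */
        out->fmt_major = swap16(out->fmt_major);
        out->fmt_minor = swap16(out->fmt_minor);
        out->snaplen = swap32(out->snaplen);
        out->linktype = swap32(out->linktype);
    }
    return 0;
}

int main(void) {
    struct pcap_hdr_info h;
    if (parse_pcap_header(sample_le, sizeof sample_le, &h) == 0)
        printf("savefile format %u.%u, snaplen %u, linktype %u\n", (unsigned)h.fmt_major,
               (unsigned)h.fmt_minor, (unsigned)h.snaplen, (unsigned)h.linktype);
    return 0;
}
```

The 2.4 it reports comes from the file, so it is the same whichever libpcap release wrote the capture; the library's own version still has to come from pcap_lib_version() or "tcpdump -h" as described in the thread.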