Re: Libpcap speed problem

[Aaron Turner <synfinatic () gmail com>]

2010/1/11 arif ugurel <arifugurel () gmail com>:
> Hi,
> I made  my code as simple as possible. Just open devices, read from one of
> them and send it thru the other one and vice versa. May be the problem is
> about some kind of loop. But i couldn't figured it out.
> Any other ideas?

Sorry, but I'm really not able to help you debug code which I haven't
seen.  I'm not even really sure what you mean by "capture speed
dramatically decreases and starts to miss packets".  Where are you
measuring this?  What is your CPU load?  Have you profiled your code?
Have you looked on the network to see what you are actually sending?

Anyways, your description of you code has now changed- you now claim
your code is bi-directional (sends & receives in both directions).
Are you sure you haven't introduced an infinite loop?  Ie: when you
send a packet you're not re-reading it on the way out and sending it
again out the other interface?  I've talked to 2 people in the past
who were implementing their own versions of tcpbridge and this was
there mistake.

Basically you need to filter what traffic you read via libpcap.  I
don't believe libpcap supports pcap_setdirection() under Linux (at
least PF_PACKET sockets didn't used to support this- it may of changed
recently).  Hence you need to manually drop packets that you send when
you read via libpcap on that interface.  That or do what tcpbridge
does and implement a learning bridge.

Or you could just use tcpbridge: http://tcpreplay.synfin.net/trac/wiki/tcpbridge


-- 
Aaron Turner
http://synfin.net/
http://tcpreplay.synfin.net/ - Pcap editing and replay tools for Unix & Windows
Those who would give up essential Liberty, to purchase a little temporary
Safety, deserve neither Liberty nor Safety.
    -- Benjamin Franklin
"carpe diem quam minimum credula postero"
-
This is the tcpdump-workers list.
Visit https://cod.sandelman.ca/ to unsubscribe.