tcpdump mailing list archives

Re: libpcap on Mac OS X 10.6 Snow Leopard


From: Guy Harris <guy () alum mit edu>
Date: Sun, 31 Jan 2010 12:30:03 -0800


On Jan 31, 2010, at 1:07 AM, Marco De Angelis wrote:

> We have an application that uses libpcap for many Linux versions and for Mac OS X Leopard with an excellent outcome.
> When tested on Snow Leopard (10.6.2), it stopped working. I googled a lot and found out about the BPF issues that you
> mention on many posts like http://www.mail-archive.com/wireshark-bugs@wireshark.org/msg16294.html

The issue described in that message is fixed in 10.6.2.

The other BPF issue - timeouts < 1 second not working - is also fixed in 10.6.2.

These are both BPF issues; libpcap 1.0.0 didn't *introduce* them - 1.0.0 won't have them on pre-10.6 OS X, and 1.0.0 
and earlier versions will also have the first of those issues on 10.6 and 10.6.1, and the second of those issues on all 
10.6.x releases (the BPF issue was worked around in libpcap; the workaround is also in the main Git branch from 
tcpdump.org).

In addition, you're specifying a 1-second timeout, so the second issue wouldn't affect you (tcpdump works, and it uses 
a timeout of 1000, i.e. 1000ms = 1s).

> I'm not monitoring my own packets, and anyway, giving read and write permissions to group and to everybody didn't
> help. I ruled out also the wireless card problems by attaching directly to the router. Nada.

So what is the exact problem you're seeing?  What is the difference you see between Leopard and Snow Leopard?  
(PF_PACKET sockets work differently from BPF, so differences between Linux and {Leopard,Snow Leopard,*BSD} are less 
interesting here.)