tcpdump mailing list archives
Re: Where does libpcap get the incoming network data? From the driver?
From: Fabian Schneider <schneifa () net in tum de>
Date: Mon, 7 Mar 2011 10:40:21 +0100
Hi, that depends on the OS.
1. Does libpcap obtain incoming packet data from the nic's driver or from somewhere else? 2. Does libpcap obtain outgoing packet data from the linux IP layer or from somewhere else?
Actually it is in between. What happens is that libpcap requests a PF_PACKET socket which registers itself as a consumer of incoming packets on the same level as e.g. the IP Stack. Basically there is a centralized queue per NIC that is outside the driver context and keeps track of how many destinations packets need to be delivered. For more info you can check my master's thesis [1] in Section 2 or an Linux Journal article [2]. Note, that by now instead of copying the packets to the user space also memory mapped version of libpcap exist. But that does not change the place where the packets are obtained from. best Fabian [1] http://www.net.t-labs.tu-berlin.de/~fabian/papers/da.pdf [2] http://www.linuxjournal.com/article/4852 - This is the tcpdump-workers list. Visit https://cod.sandelman.ca/ to unsubscribe.
Current thread:
- Where does libpcap get the incoming network data? From the driver? Jorge Canas (Mar 07)
- Re: Where does libpcap get the incoming network data? From the driver? Fabian Schneider (Mar 07)
- Re: Where does libpcap get the incoming network Jorge Canas (Mar 08)
- Re: Where does libpcap get the incoming network data? From the driver? Fabian Schneider (Mar 07)