tcpdump mailing list archives

Re: pcap_loop - any other option that won't block


From: Gianluca Varenni <Gianluca.Varenni () riverbed com>
Date: Thu, 5 May 2011 15:24:58 -0700

I would just perform the capture in a separate thread.

Have a nice day
GV

-----Original Message-----
From: tcpdump-workers-owner () lists tcpdump org [mailto:tcpdump-workers-owner () lists tcpdump org] On Behalf Of Jeff Garrett
Sent: Thursday, May 05, 2011 8:30 AM
To: tcpdump-workers () lists tcpdump org
Subject: [tcpdump-workers] pcap_loop - any other option that won't block while sniffing for infinite time

Hi.
I am looking to set up a kind of a sniffer manager in C that is cross platform (Windows, Linux).  I have everything working in both platforms, with the exception of one thing - the main sniffing loop.  So far, the code I have used is nothing that I haven't already seen online in various places.

Basically, I want a client to be able to issue commands to a "manager" that manages the interfaces and performs sniffing on them.

Eg. Step 1 is I want to list the interfaces, so I created a function to print the info on the screen after calling pcap_lookupdevs() function.

Step 2 is to start sniffing on a particular device (eg. the name of one of the devices returned from previous function) using any BPF filter.  Again, I get the code, using pcap_open_live() and pcap_compile() and pcap_setfilter().  My problem is with the sniffing loop part of it.

I want to be able to return from Step 2 and say "yes, sniffing was started successfully" or "no there was an error".  I also want the sniffing to occur infinitely, or until I say stop (via pcap_breakloop() function).
In addition, I want to be able to issue other calls, like getting the received/dropped packets stats for the network device (which I have the code for), and stopping the sniffing and printing the final statistics and closing the handle to the device.

But, I can't seem to do that because the code is always blocking on pcap_loop() or pcap_dispatch(), which I know it's expected to.  I have a global array of handles and device names for which I am sniffing.


Are there any good ideas for this kind of functionality?  Is creating a thread and calling the pcap_loop function a good idea?  Is there any example code of doing that?


Please advise.  Thanks.
Jeff
-
This is the tcpdump-workers list.
Visit https://cod.sandelman.ca/ to unsubscribe.