tcpdump mailing list archives

pcap_loop - any other option that won't block while sniffing for infinite time


From: Jeff Garrett <jeffrey.s.garrett () gmail com>
Date: Thu, 5 May 2011 11:29:33 -0400

Hi.
I am looking to set up a kind of a sniffer manager in C that is cross
platform (Windows, Linux).  I have everything working in both platforms,
with the exception of one thing - the main sniffing loop.   So far, the code
I have used is nothing that I haven't already seen online in various places.

Basically, I want a client to be able to issue commands to a "manager" that
manages the interfaces and performs sniffing on them.

Eg. Step 1 is I want to list the interfaces, so I created a function to
print the info on the screen after calling pcap_lookupdevs() function.

Step 2 is to start sniffing on a particular device (eg. the name of one of
the devices returned from previous function) using any BPF filter.  Again, I
get the code, using pcap_open_live() and pcap_compile() and
pcap_setfilter().  My problem is with the sniffing loop part of it.

I want to be able to return from Step 2 and say "yes, sniffing was started
successfully" or "no there was an error".  I also want the sniffing to occur
infinitely, or until I say stop (via pcap_breakloop() function).
In addition, I want to be able to issue other calls, like getting the
received/dropped packets stats for the network device (which I have the code
for), and stopping the sniffing and printing the final statistics and
closing the handle to the device.

But, I can't seem to do that because the code is always blocking on
pcap_loop() or pcap_dispatch(), which I know it's expected to.  I have a
global array of handles and device names for which I am sniffing.


Are there any good ideas for this kind of functionality?  Is creating a
thread and calling the pcap_loop function a good idea?  Is there any example
code of doing that?


Please advise.  Thanks.
Jeff