tcpdump mailing list archives
Re: [Libpcap] Linux ps_drop()
From: Guy Harris <guy () alum mit edu>
Date: Mon, 28 Nov 2011 13:03:36 -0800
On Oct 10, 2011, at 8:28 PM, Jon Schipp wrote:
I'm going through some past mailing lists posts and I found this, which may have answered my question on where libpcap on Linux gets its drop count: http://seclists.org/tcpdump/2010/q3/46 "You have a recent version of libpcap, and a recent kernel, so pcap_stats() should be getting the dropped-packet statistics by calling getsockopt(PF_PACKET socket, SOL_PACKET, PACKET_STATISTICS, &statistics buffer, ...). The PF_PACKET socket code should increment the count of dropped packets any time it fails to put a packet into the buffer because the buffer is full." Is this still true?
"[If] you have a recent version of libpcap, and a recent kernel, [then] pcap_stats() should be getting the dropped-packet statistics by calling..." is still true as of the top-of-Git-trunk code today; we have not changed it and have no reason to change it. "The PF_PACKET socket code [increments] the count of dropped packets any time it fails to put a packet into the buffer because the buffer is full." appears to be true at least as of http://git.kernel.org/?p=linux/kernel/git/torvalds/linux.git;a=blob_plain;f=net/packet/af_packet.c;hb=HEAD Is there a reason why you might think it's no longer true?- This is the tcpdump-workers list. Visit https://cod.sandelman.ca/ to unsubscribe.
Current thread:
- [Libpcap] Linux ps_drop() Jon Schipp (Nov 27)
- Re: [Libpcap] Linux ps_drop() Guy Harris (Nov 29)