Re: capturing on both interfaces simultaneously

[rixed () happyleptic org]

-[ Sat, Dec 10, 2011 at 12:59:26PM -0800, Guy Harris ]----
> > Unfortunately, I don't know any way to
> > associate a file descriptor with a pcap handle portably. :-(
>
> pcap_get_selectable_fd() if present in your libpcap, pcap_fileno() otherwise.

Thank you for the correction.

> > Yes junkie uses one thread per interface.  The reason behind this is that I use
> > it to perform a lot of process for every packet so using threads on many
> > interfaces offer as much parallelism as necessary
>
> ...although, unless the processing can make blocking system calls, this only helps to the extent that your machine 
> can run multiple threads in parallel

Indeed, as can most hardware that's not a fridge these days :-)
Also, despite we're getting of topic, I'd like to add that I find threaded code
easier to read than event-sliced programs (since it saves the save/lookup of
the state when an event occur/finishes) ; it also tends to be harder to debug,
though.

> > I think you will be forced into recvfrom
> No, pcap_dispatch() should work.-

No doubt pcap_get_selectable_fd() + pcap_dispatch() is the correct answer to OP's
question.

-
This is the tcpdump-workers list.
Visit https://cod.sandelman.ca/ to unsubscribe.