tcpdump mailing list archives
Re: TPACKET v3 / pcap_open_live - backwards compatibility for projects
From: Guy Harris <guy () alum mit edu>
Date: Thu, 27 Mar 2014 15:27:43 -0700
On Mar 27, 2014, at 3:15 PM, Guy Harris <guy () alum mit edu> wrote:
On Mar 27, 2014, at 1:50 PM, John Farnsworth <John.Farnsworth () imc-chicago com> wrote:However, I don't see a method to place logic into code to invoke pcap_set_immediate_mode only if it exists, as I can't trust it to exist, since it is new. Yet I must specify it to retain legacy behavior. This puts me in an odd dependency loop that I must make I suppose 2 versions of the application, one against libpcap 1.5 and one against libpcap 1.2 and expect the newer one to fail to compile against the older lib.Another alternative, if your app is linked dynamically with libpcap, is to try using dlopen() to load libpcap.so (I *think* the glibc dynamic loader is smart enough to recognize that the library is already loaded, and just give you a handle for it), use dlsym() to find a pointer to pcap_set_immediate_mode(), and, if the pointer is found, call through that pointer with the appropriate arguments. (This is a technique commonly used on Windows with its equivalent APIs, LoadLibrary()/GetModuleHandle() and GetProcAddress(), to handle APIs present in some OS versions but not others, and was also used on Linux, with libpcap, in Wireshark at one point.)
A third alternative, *if* you can build code on a newer OS version and run it on an older OS version (this being Linux, I wouldn't assume that - I wouldn't even assume you can build it on an *older* version and have it run on a *newer* version), would be to build it on a newer version, using pcap_set_immediate_mode(), and *statically* link with libpcap, and run that on the older versions. When it comes to the kernel APIs that Linux provides for packet capturing, libpcap will, for example, fall back on TPACKET_V2 if TPACKET_V3 isn't available (and on TPACKET_V1 if TPACKET_V2 isn't available, and on reading each packet with recvmsg() if turbopacket isn't available at all). _______________________________________________ tcpdump-workers mailing list tcpdump-workers () lists tcpdump org https://lists.sandelman.ca/mailman/listinfo/tcpdump-workers
Current thread:
- TPACKET v3 / pcap_open_live - backwards compatibility for projects John Farnsworth (Mar 27)
- Message not available
- Re: TPACKET v3 / pcap_open_live - backwards compatibility for projects John Farnsworth (Mar 27)
- Re: TPACKET v3 / pcap_open_live - backwards compatibility for projects Guy Harris (Mar 27)
- Re: TPACKET v3 / pcap_open_live - backwards compatibility for projects Guy Harris (Mar 27)
- Re: TPACKET v3 / pcap_open_live - backwards compatibility for projects Guy Harris (Mar 27)
- Re: TPACKET v3 / pcap_open_live - backwards compatibility for projects John Farnsworth (Mar 27)
- Message not available