tcpdump mailing list archives
Fwd: why does pcap_dispatch return 0?
From: liu wen <caonimagongling () gmail com>
Date: Tue, 13 Oct 2015 00:59:37 +0200
---------- Forwarded message ----------
From: Guy Harris <guy () alum mit edu>
Date: Tue, Oct 13, 2015 at 12:17 AM
Subject: Re: [tcpdump-workers] why does pcap_dispatch return 0?
To: liu wen <caonimagongling () gmail com>

On Oct 12, 2015, at 1:53 PM, liu wen <caonimagongling () gmail com> wrote:

I tried the program (compile and then run) on two laptops, one with Fedora (fedora release 18) and one with Ubuntu (Ubuntu 14.04.2 LTS). On Fedora, the program works fine: pcap_dispatch() can capture packets the first time it is invoked. But on Ubuntu, as previously mentioned, the first two invocations of pcap_dispatch() return 0. I use ldd to check the libraries of this program on each laptop.

Fedora:

    $ldd relay
    linux-vdso.so.1 => (0x00007fff1d1ad000)
    libevent-1.4.so.2 => /lib/libevent-1.4.so.2 (0x00007faca467d000)
    libpcap.so.1 => /lib64/libpcap.so.1 (0x00000035b4a00000)
    libc.so.6 => /lib64/libc.so.6 (0x00000035b0a00000)
    libnsl.so.1 => /lib64/libnsl.so.1 (0x00000035cea00000)
    librt.so.1 => /lib64/librt.so.1 (0x00000035b1a00000)
    libresolv.so.2 => /lib64/libresolv.so.2 (0x00000035b2e00000)
    /lib64/ld-linux-x86-64.so.2 (0x00000035b0200000)
    libpthread.so.0 => /lib64/libpthread.so.0 (0x00000035b1600000)

ubuntu:

    $ ldd relay
    linux-vdso.so.1 => (0x00007ffd08bc5000)
    libevent-2.0.so.5 => /usr/lib/x86_64-linux-gnu/libevent-2.0.so.5 (0x00007eff35f81000)
    libpcap.so.0.8 => /usr/lib/x86_64-linux-gnu/libpcap.so.0.8 (0x00007eff35d43000)
    libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007eff3597e000)
    libpthread.so.0 => /lib/x86_64-linux-gnu/libpthread.so.0 (0x00007eff35760000)
    /lib64/ld-linux-x86-64.so.2 (0x00007eff361c5000)

Indeed, both the libpcap and libevent versions are different.

*That's because Fedora and Ubuntu are different. :-)

Linux distributions may, or may not, use the library developer's upstream version number as the shared library version number. It looks as if Fedora and Ubuntu are using the upstream version numbers for libevent, but Linux distributions tend *not* to use the libpcap upstream version number, for various reasons. (One of which is that the API and ABI for libpcap have been stable since before libpcap 1.0; I guess the Debian people decided that it became stable in 0.8, even though it was stable before then, and have been using "0.8" as the libpcap shared library version number ever since then, even for 1.x versions of libpcap.)

To find out the version number of libpcap, try

    tcpdump -h

to get the *actual* version number, rather than the shared library version number, of the system libpcap, as that's what tcpdump uses and it's what you're using (based on the pathnames from ldd).

The Linux kernel number also matters here, as the underlying capture mechanism is provided by the kernel, and that's what would be doing the timeout.*

*--------------------------------------------------------------------------------------------------------*

What do you mean by upstream version? Is version 2 the upstream version of version 1, or is version 1 the upstream version of version 2?

I tried tcpdump -h on the Fedora laptop and the Ubuntu laptop, and the result is:

on Fedora:

    tcpdump version 4.3.0
    libpcap version 1.3.0

on Ubuntu:

    tcpdump version 4.5.1
    libpcap version 1.5.3

How are these libpcap version numbers related to libpcap.so.1 and libpcap.so.0.8?

Besides, I'm not very clear whether I understand you correctly. I use "ldd" on the program relay to show what libraries they are using. So you mean the libraries shown in the ldd results are not the real libraries they are using? Then why did ldd show them? If I use static library style compilation, will they use exactly the version which is used in compilation?

I really don't understand why on Ubuntu, the program can't run correctly as expected and how to make it work properly on Ubuntu.

_______________________________________________
tcpdump-workers mailing list
tcpdump-workers () lists tcpdump org
https://lists.sandelman.ca/mailman/listinfo/tcpdump-workers