tcpdump mailing list archives
Re: Is libpcap pcap_set_buffer_size() == winpcap pcap_setbuff() ?
From: Guy Harris <guy () alum mit edu>
Date: Thu, 3 Sep 2009 10:04:16 -0700
On Sep 3, 2009, at 9:13 AM, Chris Morgan wrote:
A user of Sharppcap is asking if we support pcap_setbuff(). Apparently this is a winpcap specific option.
Yes.The problem is that not all platforms atop which libpcap runs can support setting the buffer size after you've opened a network interface for capturing - BPF won't let you change the buffer size on a /dev/bpf* device once you've bound it to an interface.
The WinPcap people added pcap_setbuff(), but the code whose buffer size it changes is their code, so they could make it work however they wanted; the capture code libpcap uses is part of the UN*X systems on which it runs.
I was wondering if pcap_set_buffer_size() was the same as pcap_setbuff().
"The same" in what sense?They are used differently. Libpcap 1.x, in order to allow more options to be specified when a network interface is opened for capturing, split pcap_open_live() into pcap_create(), which creates a "non-activated" pcap_t, on which options can be set but upon which capturing cannot be done, and pcap_activate(), which "activates" the pcap_t so that you can capture on it.
One option that can be set between creation and activation is the buffer size; that even works on systems that use BPF for capturing, as the /dev/bpf* device isn't opened, much less bound to an interface, until the pcap_t is activated.
So, to set the buffer size when you open an interface, you do pd = pcap_create(...); if (pd == NULL) fail; ... status = pcap_set_buffer_size(pd, buffer_size); if (status != 0) fail; ... status = pcap_activate(pd); if (status != 0) fail;pcap_setbuff() takes an opened pcap_t as an argument, so it can only be called *after* the interface has been opened, so, to set the buffer size on Windows after you open an interface, you do
pd = pcap_open_live(...); if (pd == NULL) fail; if (pcap_setbuff(pd, buffer_size) == -1) fail;or, in WinPcap 4.1 (at least as of 4.1b5 - I don't know which version first picked up pcap_create() and pcap_activate()):
pd = pcap_create(...); if (pd == NULL) fail; ... status = pcap_activate(pd); if (status == 0) fail; if (pcap_setbuff(pd, buffer_size) == -1) fail;
If so, are there any plans to unify the api for increased cross platform codeportability?
WinPcap 4.1 (again, at least as of 4.1b5) has pcap_set_buffer_size(), so you can do
pd = pcap_create(...); if (pd == NULL) fail; ... status = pcap_set_buffer_size(pd, buffer_size); if (status != 0) fail; ... status = pcap_activate(pd); if (status != 0) fail; on Windows with WinPcap 4.1 and on UN*Xes if you have libpcap 1.x.libpcap will not pick up pcap_setbuff() as it cannot be implemented on all platforms (no *BSD, AIX, or Mac OS X) and as it has pcap_set_buffer_size().
- This is the tcpdump-workers list. Visit https://cod.sandelman.ca/ to unsubscribe.
Current thread:
- Is libpcap pcap_set_buffer_size() == winpcap pcap_setbuff() ? Chris Morgan (Sep 07)
- Re: Is libpcap pcap_set_buffer_size() == winpcap pcap_setbuff() ? Guy Harris (Sep 07)
- Re: Is libpcap pcap_set_buffer_size() == winpcap Chris Morgan (Sep 07)
- Re: Is libpcap pcap_set_buffer_size() == winpcap Guy Harris (Sep 07)
- Re: Is libpcap pcap_set_buffer_size() == winpcap Chris Morgan (Sep 07)
- Re: Is libpcap pcap_set_buffer_size() == winpcap Chris Morgan (Sep 07)
- Re: Is libpcap pcap_set_buffer_size() == winpcap pcap_setbuff() ? Guy Harris (Sep 07)