libpcap: what is the efficiency of pcap_dispatch or pcap_next

[liu lily <politoesolve () gmail com>]

I use libpcap to capture a lot packets, and then process/modify these
packets and send them to another host.

First, I create a libpcap handler `handle` and set it NON-BLOCKING, and use
`pcap_get_selecable_fd(handle)` to get a corresponding file descriptor
`pcap_fd`.

Then I add an event for this `pcap_fd` to a libevent loop(it is like
select() or epoll()).

In order to avoid frequently polling this file descriptor, each time there
are packet arrival event, I use pcap_dispatch to collect a bufferful of
packets and put them into a queue `packet_queue`, and then call
`process_packet` to process/modify/send each packet in the queue
`packet_queue`.

      pcap_dispatch(handle, -1, collect_pkt, (u_char *)packet_queue);
      process_packet(packet_queue);


I use tcpdump to capture the packets that are sent by
`process_packet(packet_queue)`, and notice

1 at the very beginning, the interval between sent packets is small
2 after that several packets are sent, the interval becomes around 0.055
second
3 after 20 packets are sent, the interval becomes 0.031 second and keeps on
being 0.031 second


I carefully checked my source code and find no suspicious blocks or logic
which leads to so big intervals. So I wonder whether it is due to the
problem of the function `pcap_dispatch`.


are there any efficiency problem on pcap_dispatch or pcap_next?
thanks!
_______________________________________________
tcpdump-workers mailing list
tcpdump-workers () lists tcpdump org
https://lists.sandelman.ca/mailman/listinfo/tcpdump-workers