tcpdump mailing list archives

Previous By Date Next
Previous By Thread Next

libpcap: real time usage of file descriptor returned by pcap_get_selectable_fd

From: liu lily <politoesolve () gmail com>
Date: Fri, 28 Jun 2013 19:53:42 +0200
I'm programming for a network program using libevent. I posted a question
previously, but I have some new discoveries.

In this program, I want to capture packets using libpcap, modify these
packets and then sends them out. These steps should be in real time.

So I create a live capture, use pcap_get_selectable_fd to get a file
descriptor pcap_fd for the live capture and add a READ_EV event for
pcap_fdto a libevent loop. Anyway, it is like select() or epoll()
polling the file
descriptor.

But I notice the program doesn't work as expected, so I use tcpdump and
some debugging logs to check the problem. I notice that sometimes, the
polling on pcap_fd is not working correctly, for example, at the begining,
it seems to work fine. Some time later, the READ_EV event for pcap_fd is
triggered 2 seconds later, which is really a big delay.

I read the mannual, it says:

   pcap_get_selectable_fd(3) will return a file descriptor. But simple select()
   or poll() will not indicate that the  descriptor  is  readable
   until  a  full  buffer's worth of packets is received, even if the read
   timeout expires before then.

It seems to me that the live capture has captured around 15 packets (each
of which is 66 bytes), but the READ_EV event is not triggered until 2
seconds later. But at the very beginning, even 1 packet arrival can trigger
a READ_EV event. This means it is very unstable.

   To work around this, an application  that
   uses  select()  or  poll()  to  wait for packets to arrive must put the
   pcap_t in non-blocking mode, and must  arrange  that  the  select()  or
   poll()  have a timeout less than or equal to the read timeout, and must
   try to read packets after that timeout expires, regardless  of  whether
   select() or poll() indicated that the file descriptor for the pcap_t is
   ready to be read or not.

My question is for the paragraph above:

1 it seems to me that there are 2 timeouts, a read timeout and a timeout
defined by myself, so what is the read timeout?

2 it seems to me that I need to set a very small timeout and poll the live
capture using pcap_next() or pcap_dispatch, is it right? then my polling
could be very CPU consuming?

thanks!
_______________________________________________
tcpdump-workers mailing list
tcpdump-workers () lists tcpdump org
https://lists.sandelman.ca/mailman/listinfo/tcpdump-workers
Previous By Date Next
Previous By Thread Next

Current thread: