tcpdump mailing list archives

Re: What's the correct new API to request pcap_linux to not open an eventfd

From: Guy Harris via tcpdump-workers <tcpdump-workers () lists tcpdump org>
Date: Fri, 20 May 2022 12:36:01 -0700

--- Begin Message --- From: Guy Harris <gharris () sonic net>
Date: Fri, 20 May 2022 12:36:01 -0700

On May 20, 2022, at 10:56 AM, Bill Fenner via tcpdump-workers <tcpdump-workers () lists tcpdump org> wrote:

I'm helping to debug a system that uses many many pcap handles, and never
calls pcap_loop - only ever pcap_next.


Both pcap_loop() and pcap_next() ultimately go to the same place.

Note, BTW, that pcap_next() sucks; it's impossible to know whether it returns NULL because of an error or because the 
timeout expired and no packets had arrived during that time.  pcap_next_ex() doesn't have that problem.  (On Linux, the 
turbopacket timer doesn't expire if no packets have arrived, so, *on Linux*, NULL should, as far as I know, be returned 
only on errors.)

We've found that each pcap handle has an associated eventfd, which is used to make sure to wake up when
pcap_breakloop() is called.  Since this code doesn't call pcap_loop or
pcap_breakloop, the eventfd is unneeded.


If it called pcap_breakloop(), the eventfd would still be needed; otherwise, a call could remain indefinitely stuck in 
pcap_next() until a packet finally arrives.  Only the lack of a pcap_breakloop() call renders the eventfd unnecessary.

So how is this system handling those pcap handles?

If it's putting them in non-blocking mode, and using some select/poll/epoll/etc. mechanism in a single event loop, then 
the right name for the API is pcap_setnonblock().  There's no need for an eventfd to wake up the blocking poll() if 
there *is* no blocking poll(), so:

        if non-blocking mode is on before pcap_activate() is called, no eventfd should be opened, and poll_breakloop_fd 
should be set to -1;

        if non-blocking mode is turned on after pcap_activate() is called, the eventfd should be closed, and 
poll_breakloop_fd should be set to -1;

        if non-blocking mode is turned *off* afterwards, an eventfd should be opened, and poll_breakloop_fd should be 
set to it;

        if poll_breakloop_fd is -1, the poll() should only wait on the socket FD;

so this can be handled without API changes.

If it's doing something else, e.g. using multiple threads, then:

I'm willing to write and test the code that skips creating the breakloop_fd
- but, I wanted to discuss what the API should be.  Should there be a
pcap.c "pcap_breakloop_not_needed( pcap_t * )" that dispatches to the
implementation, or should there be a linux-specific
"pcap_linux_dont_create_eventfd( pcap_t * )"?


...it should be called pcap_breakloop_not_needed() (or something such as that), with a per-type implementation, and a 
*default* implementation that does nothing, so only implementations that need to do something different would need to 
do so.

--- End Message ---

_______________________________________________
tcpdump-workers mailing list
tcpdump-workers () lists tcpdump org
https://lists.sandelman.ca/mailman/listinfo/tcpdump-workers

Current thread:

What's the correct new API to request pcap_linux to not open an eventfd Bill Fenner via tcpdump-workers (May 20)
- Re: What's the correct new API to request pcap_linux to not open an eventfd Guy Harris via tcpdump-workers (May 20)
- Message not available
  - Re: What's the correct new API to request pcap_linux to not open an eventfd Bill Fenner via tcpdump-workers (May 20)
- Message not available
  - Message not available
    - Re: What's the correct new API to request pcap_linux to not open an eventfd Bill Fenner via tcpdump-workers (Jun 01)