'Re: [tcpdump-workers] FreeBSD 5.4 & BIOCSRTIMEOUT & pcap_open_live()'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       tcpdump-workers
Subject:    Re: [tcpdump-workers] FreeBSD 5.4 & BIOCSRTIMEOUT & pcap_open_live()
From:       Guy Harris <guy () alum ! mit ! edu>
Date:       2005-07-11 21:28:08
Message-ID: 3255E7B8-B4B9-440D-9C81-3B44B6CD1D92 () alum ! mit ! edu
[Download RAW message or body]


On Jul 11, 2005, at 1:03 PM, Richard Huddleston wrote:

> Just referencing Tim Carsten's pcap doc:  "...to_ms is the read  
> time out...0
> sniffs until an error occurs; -1 sniffs indefinitely)."

I *really* need to sit down and edit that document - and incorporate  
Nathan Jennings' sniffex.c into it, as a replacement for the existing  
sample code, because that document, well-intended though it might be,  
has been a source of confusion for a while.

In particular:

     0 doesn't "[sniff] until an error occurs", it blocks until either

         1) an error occurs;

         2) enough packets arrive to fill up whatever buffer is being  
used by the particular packet capture mechanism (in some systems, one  
packet is enough for that; in others, it would be more than one  
packet, although the buffer is probably sized in units of bytes, not  
packets, and the size depends on the particular OS and perhaps on the  
particular release of that OS - FreeBSD is one of those platforms,  
so, unless you want to have your application possibly wait  
indefinitely to see a packet, if packets are arriving slowly, you  
want a non-zero timeout, such as tcpdump's 1 second, i.e. 1000  
milliseconds).

     -1 doesn't do anything special - it either has no effect (if the  
platform doesn't support a read timeout) or has platform-dependent  
behavior (e.g., returning an error).

The libpcap man page says:

     to_ms specifies the read timeout in milliseconds.  The read  
timeout is used to arrange that the read not necessarily return  
immediately when a packet is seen, but that it wait for some amount  
of time to allow more packets to arrive and to read multiple packets  
from the OS kernel in one operation.  Not all platforms support a  
read timeout; on platforms that don't, the read timeout is ignored.   
A zero value for to_ms, on platforms that support a read timeout,  
will cause a read to wait forever to allow enough packets to arrive,  
with no timeout.

-
This is the tcpdump-workers list.
Visit https://lists.sandelman.ca/ to unsubscribe.
[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic