[prev in list] [next in list] [prev in thread] [next in thread] 

List:       tcpdump-workers
Subject:    Re: [tcpdump-workers] next release of libpcap
From:       Guy Harris <guy () alum ! mit ! edu>
Date:       2008-04-06 19:45:39
Message-ID: 47F92863.30407 () alum ! mit ! edu
[Download RAW message or body]

Christian S.J. Peron wrote:
> I have attached the patch that we have been using. This is a patch for the
> libpcap code in FreeBSD -CURRENT right now.  It appears to work well, but
> you folks might have some ideas for getting the necessary autoconf magic
> in, as well make some possible architecture changes.
>   
Some comments:

I've checked in changes to split pcap_open_live() into pcap_create() and 
pcap_activate(), so you can set various options before activating the 
capture handle; this means that the pcap_open_live() routine would need 
some changes.  You should probably check out the main branch of libpcap 
with anonymous CVS and maintain your changes in that tree, so that 
checkins to CVS get propagated to your code.

You might want to include <sys/mman.h> and <sys/poll.h> only if you have 
memory-mapped BPF support, in case, for example, older versions of AIX 
don't have those headers.

Also, you're using select() rather than poll(); is there any need to 
include <sys/poll.h> at all?

You might want to put the structure members for memory-mapped mode into 
the "pcap_md" structure; I'm trying to move towards having only the 
stuff that's used for all capture types and for savefiles in the pcap_t 
structure, and move stuff specific to capturing into pcap_md 
(ultimately, I'd like to have the pcap_create() routines allocate 
structures with their platform-specific members, so that information 
doesn't have to be in pcap-int.h).

Also, there's no need for a "timeout" member of your own - just use 
"md.timeout".

pcap_t handles can be put into non-blocking mode; in that mode, 
pcap_next_zbuf() shouldn't call select().  See pcap-linux.c to see how 
that's done there - if it uses the memory-mapped ring buffer, it 
overrides the "get nonblocking mode" and "set nonblocking mode" methods, 
so that the "set" method sets "md.timeout" to a negative value in 
non-blocking mode, which is used as an indication that select() 
shouldn't be called, and the "get" method checks the value of 
"md.timeout" to see whether non-blocking mode is on or not.

pcap_close_common() shouldn't be modified - instead, you should, if 
memory-mapped BPF is being used, override the close method with your own 
routine in pcap-bpf.c, which would delete the mappings and then call 
pcap_close_common().
-
This is the tcpdump-workers list.
Visit https://cod.sandelman.ca/ to unsubscribe.
[prev in list] [next in list] [prev in thread] [next in thread]