[prev in list] [next in list] [prev in thread] [next in thread]
List: winpcap-users
Subject: Re: [Winpcap-users] pcap_loop pointers
From: "Gianluca Varenni" <gianluca.varenni () cacetech ! com>
Date: 2007-09-18 17:56:58
Message-ID: 3bbb01c7fa1d$4ee9a8c0$6600a8c0 () NELSON2
[Download RAW message or body]
[Attachment #2 (multipart/alternative)]
----- Original Message -----
From: ceo@triplebit.com
To: Gianluca Varenni ; winpcap-users@winpcap.org
Sent: Tuesday, September 18, 2007 10:07 AM
Subject: Re: [Winpcap-users] pcap_loop pointers
Thanks GV,
Another phenomena bathers me and I'd like to have your advise of possible-
I let my VC++ application to run and it transmits TCP packets.
I sniff with Ethereal while sniffing concurrently with my application and I filter \
into a dump file only payload data packets. I encounter the following anomalies- 1. \
My applications misses packets from time to time.
If your application is not fast enough at processing packets, the WinPcap capture can \
definitely lose packets. Please check the dropped packets count in the statistics \
returned by pcap_stats and pcap_stats_ex
2. The ACK in my application packets are always 0.
Is this what you see in wireshark/ethereal? As far as I remember wireshark normalizes \
the ACK values to be 0-based. If you look in the middle pane of wireshark, if the ACK \
are normalized, they are marked as "(relative ack number)" (at least on an recent \
version of Wireshark).
Hope it helps
GV
Can you explain that and possible suggest some workaround?
Regards
I. Lesher
----- Original Message -----
From: Gianluca Varenni
To: ceo@triplebit.com ; winpcap-users@winpcap.org
Sent: Tuesday, September 18, 2007 5:34 PM
Subject: Re: [Winpcap-users] pcap_loop pointers
No, you cannot use global pointers.
Although those pointers are valid throughout the life of the pcap handle (valid \
in the sense that they point to a valid memory location), as soon as your pcap_loop \
callback function returns, the contents of such memory are overwritten.
The *ONLY* way to preserve a packet passed to the pcap_loop callback is to copy \
the packet into some memory buffer allocated by your application.
Have a nice day
GV
----- Original Message -----
From: ceo@triplebit.com
To: Gianluca Varenni ; winpcap-users@winpcap.org
Sent: Tuesday, September 11, 2007 9:07 AM
Subject: Re: [Winpcap-users] pcap_loop pointers
Thanks GV,
I experimented a little and saw that if I assign global pointers with the \
outcome pointers values from the function, they sustain to point to the original \
pointers data even if I leave the function. Does that make sense with your reply?
Can I use these global pointers values after returning from the function?
Regards
I. Lesher
----- Original Message -----
From: Gianluca Varenni
To: ceo@triplebit.com ; winpcap-users@winpcap.org
Sent: Tuesday, September 11, 2007 8:34 AM
Subject: Re: [Winpcap-users] pcap_loop pointers
----- Original Message -----
From: ceo@triplebit.com
To: winpcap-users@winpcap.org
Sent: Monday, September 10, 2007 6:13 AM
Subject: [Winpcap-users] pcap_loop pointers
I think that my question represents also other users.
When using the function "pcap_loop" the system uses the fallowing callback
whenever a packet arrives -
typedef void(* pcap_handler)(u_char *user, const struct pcap_pkthdr
*pkt_header, const u_char *pkt_data)
My questions-
1. I saw that the pointers pkt_data and pkt_header differ from packet to
packet.
Does that mean that the data on which they point occupies different area in
memory?
Yes.
2. How do I know if the data pointed by them is still valid in a certain
moment?
Those pointers are valid *only* in the context of the pcap_handler callback. \
Packets are reused as soon as the pcap_handler callback returns.
Have a nice day
GV
Regards
I. Lesher
----------------------------------------------------------------------
_______________________________________________
Winpcap-users mailing list
Winpcap-users@winpcap.org
https://www.winpcap.org/mailman/listinfo/winpcap-users
------------------------------------------------------------------------------
_______________________________________________
Winpcap-users mailing list
Winpcap-users@winpcap.org
https://www.winpcap.org/mailman/listinfo/winpcap-users
[Attachment #5 (text/html)]
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=Content-Type content="text/html; charset=iso-8859-1">
<META content="MSHTML 6.00.6000.16525" name=GENERATOR>
<STYLE></STYLE>
</HEAD>
<BODY bgColor=#ffffff>
<DIV><FONT size=2></FONT> </DIV>
<BLOCKQUOTE
style="PADDING-RIGHT: 0px; PADDING-LEFT: 5px; MARGIN-LEFT: 5px; BORDER-LEFT: #000000 \
2px solid; MARGIN-RIGHT: 0px"> <DIV style="FONT: 10pt arial">----- Original Message \
----- </DIV> <DIV
style="BACKGROUND: #e4e4e4; FONT: 10pt arial; font-color: black"><B>From:</B>
<A title=ceo@triplebit.com
href="mailto:ceo@triplebit.com">ceo@triplebit.com</A> </DIV>
<DIV style="FONT: 10pt arial"><B>To:</B> <A
title=gianluca.varenni@cacetech.com
href="mailto:gianluca.varenni@cacetech.com">Gianluca Varenni</A> ; <A
title=winpcap-users@winpcap.org
href="mailto:winpcap-users@winpcap.org">winpcap-users@winpcap.org</A> </DIV>
<DIV style="FONT: 10pt arial"><B>Sent:</B> Tuesday, September 18, 2007 10:07
AM</DIV>
<DIV style="FONT: 10pt arial"><B>Subject:</B> Re: [Winpcap-users] pcap_loop
pointers</DIV>
<DIV><BR></DIV>
<DIV><FONT size=2>Thanks GV,</FONT></DIV>
<DIV><FONT size=2>Another phenomena bathers me and I'd like to have your
advise of possible-</FONT></DIV>
<DIV><FONT size=2>I let my VC++ application to run and it transmits TCP
packets.</FONT></DIV>
<DIV><FONT size=2>I sniff with Ethereal while sniffing concurrently with my
application and I filter into a dump file only payload data packets. I
encounter the following anomalies-</FONT></DIV>
<DIV><FONT size=2>1. My applications misses packets from time to
time.</FONT></DIV>
<DIV><FONT size=2></FONT> </DIV></BLOCKQUOTE>
<DIV><FONT size=2>If your application is not fast enough at processing packets,
the WinPcap capture can definitely lose packets. Please check the dropped
packets count in the statistics returned by pcap_stats and
pcap_stats_ex</FONT></DIV>
<BLOCKQUOTE
style="PADDING-RIGHT: 0px; PADDING-LEFT: 5px; MARGIN-LEFT: 5px; BORDER-LEFT: #000000 \
2px solid; MARGIN-RIGHT: 0px"> <DIV><FONT size=2></FONT> </DIV>
<DIV><FONT size=2>2. The ACK in my application packets are always
0.</FONT></DIV>
<DIV><FONT size=2></FONT> </DIV></BLOCKQUOTE>
<DIV><FONT size=2>Is this what you see in wireshark/ethereal? As far as I
remember wireshark normalizes the ACK values to be 0-based. If you look in the
middle pane of wireshark, if the ACK are normalized, they are marked as
"(relative ack number)" (at least on an recent version of
Wireshark).</FONT></DIV>
<DIV><FONT size=2></FONT> </DIV>
<DIV><FONT size=2>Hope it helps</FONT></DIV>
<DIV><FONT size=2>GV</FONT></DIV>
<BLOCKQUOTE
style="PADDING-RIGHT: 0px; PADDING-LEFT: 5px; MARGIN-LEFT: 5px; BORDER-LEFT: #000000 \
2px solid; MARGIN-RIGHT: 0px"> <DIV><FONT size=2></FONT> </DIV>
<DIV><FONT size=2>Can you explain that and possible suggest some
workaround?</FONT></DIV>
<DIV><FONT size=2></FONT> </DIV>
<DIV><FONT size=2>Regards</FONT></DIV>
<DIV><FONT size=2></FONT> </DIV>
<DIV><FONT size=2>I. Lesher</FONT></DIV>
<DIV> </DIV>
<BLOCKQUOTE dir=ltr
style="PADDING-RIGHT: 0px; PADDING-LEFT: 5px; MARGIN-LEFT: 5px; BORDER-LEFT: \
#000000 2px solid; MARGIN-RIGHT: 0px"> <DIV style="FONT: 10pt arial">----- Original \
Message ----- </DIV> <DIV
style="BACKGROUND: #e4e4e4; FONT: 10pt arial; font-color: black"><B>From:</B>
<A title=gianluca.varenni@cacetech.com
href="mailto:gianluca.varenni@cacetech.com">Gianluca Varenni</A> </DIV>
<DIV style="FONT: 10pt arial"><B>To:</B> <A title=ceo@triplebit.com
href="mailto:ceo@triplebit.com">ceo@triplebit.com</A> ; <A
title=winpcap-users@winpcap.org
href="mailto:winpcap-users@winpcap.org">winpcap-users@winpcap.org</A> </DIV>
<DIV style="FONT: 10pt arial"><B>Sent:</B> Tuesday, September 18, 2007 5:34
PM</DIV>
<DIV style="FONT: 10pt arial"><B>Subject:</B> Re: [Winpcap-users] pcap_loop
pointers</DIV>
<DIV><BR></DIV>
<DIV><FONT size=2>No, you cannot use global pointers. </FONT></DIV>
<DIV><FONT size=2></FONT> </DIV>
<DIV><FONT size=2>Although those pointers are valid throughout the life of
the pcap handle (valid in the sense that they point to a valid memory
location), as soon as your pcap_loop callback function returns, the contents
of such memory are overwritten. </FONT></DIV>
<DIV><FONT size=2></FONT> </DIV>
<DIV><FONT size=2>The *ONLY* way to preserve a packet passed to the
pcap_loop callback is to copy the packet into some memory buffer allocated
by your application.</FONT></DIV>
<DIV><FONT size=2></FONT> </DIV>
<DIV><FONT size=2>Have a nice day</FONT></DIV>
<DIV><FONT size=2>GV</FONT></DIV>
<DIV> </DIV>
<BLOCKQUOTE dir=ltr
style="PADDING-RIGHT: 0px; PADDING-LEFT: 5px; MARGIN-LEFT: 5px; BORDER-LEFT: \
#000000 2px solid; MARGIN-RIGHT: 0px"> <DIV style="FONT: 10pt arial">----- Original \
Message ----- </DIV> <DIV
style="BACKGROUND: #e4e4e4; FONT: 10pt arial; font-color: black"><B>From:</B>
<A title=ceo@triplebit.com
href="mailto:ceo@triplebit.com">ceo@triplebit.com</A> </DIV>
<DIV style="FONT: 10pt arial"><B>To:</B> <A
title=gianluca.varenni@cacetech.com
href="mailto:gianluca.varenni@cacetech.com">Gianluca Varenni</A> ; <A
title=winpcap-users@winpcap.org
href="mailto:winpcap-users@winpcap.org">winpcap-users@winpcap.org</A>
</DIV>
<DIV style="FONT: 10pt arial"><B>Sent:</B> Tuesday, September 11, 2007
9:07 AM</DIV>
<DIV style="FONT: 10pt arial"><B>Subject:</B> Re: [Winpcap-users]
pcap_loop pointers</DIV>
<DIV><BR></DIV>
<DIV><FONT size=2>Thanks GV,</FONT></DIV>
<DIV><FONT size=2>I experimented a little and saw that if I assign global
pointers with the outcome pointers values from the function, they
sustain to point to the original pointers data even if I leave the
function.</FONT></DIV>
<DIV><FONT size=2>Does that make sense with your reply?</FONT></DIV>
<DIV><FONT size=2>Can I use these global pointers values after returning
from the function? </FONT></DIV>
<DIV><FONT size=2>Regards</FONT></DIV>
<DIV> </DIV>
<DIV><FONT size=2>I. Lesher</FONT></DIV>
<BLOCKQUOTE dir=ltr
style="PADDING-RIGHT: 0px; PADDING-LEFT: 5px; MARGIN-LEFT: 5px; BORDER-LEFT: \
#000000 2px solid; MARGIN-RIGHT: 0px"> <DIV style="FONT: 10pt arial">----- Original \
Message ----- </DIV> <DIV
style="BACKGROUND: #e4e4e4; FONT: 10pt arial; font-color: black"><B>From:</B> \
<A title=gianluca.varenni@cacetech.com
href="mailto:gianluca.varenni@cacetech.com">Gianluca Varenni</A> </DIV>
<DIV style="FONT: 10pt arial"><B>To:</B> <A title=ceo@triplebit.com
href="mailto:ceo@triplebit.com">ceo@triplebit.com</A> ; <A
title=winpcap-users@winpcap.org
href="mailto:winpcap-users@winpcap.org">winpcap-users@winpcap.org</A>
</DIV>
<DIV style="FONT: 10pt arial"><B>Sent:</B> Tuesday, September 11, 2007
8:34 AM</DIV>
<DIV style="FONT: 10pt arial"><B>Subject:</B> Re: [Winpcap-users]
pcap_loop pointers</DIV>
<DIV><BR></DIV>
<DIV><FONT size=2></FONT> </DIV>
<BLOCKQUOTE
style="PADDING-RIGHT: 0px; PADDING-LEFT: 5px; MARGIN-LEFT: 5px; BORDER-LEFT: \
#000000 2px solid; MARGIN-RIGHT: 0px">
<DIV style="FONT: 10pt arial">----- Original Message ----- </DIV>
<DIV
style="BACKGROUND: #e4e4e4; FONT: 10pt arial; font-color: \
black"><B>From:</B> <A title=ceo@triplebit.com
href="mailto:ceo@triplebit.com">ceo@triplebit.com</A> </DIV>
<DIV style="FONT: 10pt arial"><B>To:</B> <A
title=winpcap-users@winpcap.org
href="mailto:winpcap-users@winpcap.org">winpcap-users@winpcap.org</A>
</DIV>
<DIV style="FONT: 10pt arial"><B>Sent:</B> Monday, September 10, 2007
6:13 AM</DIV>
<DIV style="FONT: 10pt arial"><B>Subject:</B> [Winpcap-users]
pcap_loop pointers</DIV>
<DIV><FONT size=2></FONT><BR></DIV>
<DIV><FONT size=2>I think that my question represents also other
users.</FONT></DIV>
<DIV><FONT size=2><FONT size=3>When using the function
"pcap_loop" the system uses the fallowing callback<BR>whenever a
packet arrives -<BR><BR> typedef void(*
pcap_handler)(u_char *user, const struct pcap_pkthdr<BR>*pkt_header,
const u_char *pkt_data)<BR><BR><BR>My questions-<BR><BR>1. I saw that
the pointers pkt_data and pkt_header differ from packet
to<BR>packet.<BR>Does that mean that the data on which they point
occupies different area
in<BR>memory?<BR></FONT></FONT></DIV></BLOCKQUOTE>
<DIV><FONT size=2>Yes.</FONT></DIV>
<BLOCKQUOTE
style="PADDING-RIGHT: 0px; PADDING-LEFT: 5px; MARGIN-LEFT: 5px; BORDER-LEFT: \
#000000 2px solid; MARGIN-RIGHT: 0px"> <DIV><FONT size=2><FONT \
size=2></FONT></FONT> </DIV>
<DIV><FONT size=2><FONT size=3>2. How do I know if the data pointed by
them is still valid in a
certain<BR>moment?<BR></FONT></FONT></DIV></BLOCKQUOTE>
<DIV><FONT size=2><FONT size=3><FONT size=2>Those pointers are valid
*only* in the context of the pcap_handler callback. Packets are reused
as soon as the pcap_handler callback returns.</FONT></FONT></FONT></DIV>
<DIV><FONT size=2><FONT size=3><FONT
size=2></FONT></FONT></FONT> </DIV>
<DIV><FONT size=2><FONT size=3><FONT size=2>Have a nice
day</FONT></FONT></FONT></DIV>
<DIV><FONT size=2><FONT size=3><FONT
size=2>GV</FONT></FONT></FONT></DIV>
<BLOCKQUOTE
style="PADDING-RIGHT: 0px; PADDING-LEFT: 5px; MARGIN-LEFT: 5px; BORDER-LEFT: \
#000000 2px solid; MARGIN-RIGHT: 0px"> <DIV><FONT size=2><FONT size=3><FONT
size=2></FONT></FONT></FONT> </DIV>
<DIV><FONT size=2><FONT size=3><BR>Regards<BR><BR>I.
Lesher</FONT><BR><BR></DIV></BLOCKQUOTE>
<BLOCKQUOTE
style="PADDING-RIGHT: 0px; PADDING-LEFT: 5px; MARGIN-LEFT: 5px; BORDER-LEFT: \
#000000 2px solid; MARGIN-RIGHT: 0px"></FONT> <P>
<HR>
<P></P>_______________________________________________<BR>Winpcap-users
mailing
list<BR>Winpcap-users@winpcap.org<BR>https://www.winpcap.org/mailman/listinfo/winpcap-users<BR></BLOCKQUOTE></BLOCKQUOTE></BLOCKQUOTE></BLOCKQUOTE>
<P>
<HR>
<P></P>_______________________________________________<BR>Winpcap-users
mailing
list<BR>Winpcap-users@winpcap.org<BR>https://www.winpcap.org/mailman/listinfo/winpcap-users<BR></BLOCKQUOTE></BODY></HTML>
_______________________________________________
Winpcap-users mailing list
Winpcap-users@winpcap.org
https://www.winpcap.org/mailman/listinfo/winpcap-users
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic