the correct way to use pcap_next_ex or pcap_next (libpcap)

Question 1

the correct way to use pcap_next_ex or pcap_next (libpcap)

libpcap

jon · Oct 15, 2010 · Viewed 11.4k times · Source

Answer

Answer

I freezed on this problem in python with winpcapy (1.9.2009) and WinPcap 4.1.0.2001.

I solved it simply by creating copy of packet data array (as suggested by memcpy mentioned in question).

pkt_data = pkt_data[:header.contents.len]

Not sure if it's correct but works for me at the moment.

And based on answer at winpcap papermail this what pkt_data references to should persist until next call of pcap_next_ex (or other dispatch method). If i got it right, because it uses one buffer for more/all packets and so it can be reused for other/last packets?

Q.

Question 2

I saw this kind of code used in a project:

while (1)
{
  l_numPkts = pcap_next_ex( m_pcapHandle, &header, &pkt_data);
  //do something
  memcpy(dst,pkt_data,size);    
}

after the pcap_next_ex return,the packet status will be set TP_STATUS_KERNEL,which means the buf was return to kernel. code:

 /* next packet */
 switch (handle->md.tp_version) {
  case TPACKET_V1:
  h.h1->tp_status = TP_STATUS_KERNEL;
..

in some high speed environment,will it get a memory problem?

and what is the correct way to use pcap_next / pcap_next_ex?

the correct way to use pcap_next_ex or pcap_next (libpcap)

Answer

Related questions