Re: [tcpdump-workers] Influence of pcap_open_live parameters on

2011-08-17 Thread Doktor Bernd

Hi, thanks for the answers,
 
the caveat of capturing the sent packets when capturing on the same interface 
is well known to me ;-)
So I definitely use filtering on the capture interface (pcap_setdirection() is 
not always available)
 
All the best,
Bernd
 

 

> Subject: Re: [tcpdump-workers] Influence of pcap_open_live parameters on 
> pcap_sendpacket
> From: g...@alum.mit.edu
> Date: Tue, 16 Aug 2011 09:34:37 -0700
> To: tcpdump-workers@lists.tcpdump.org
> 
> 
> On Aug 16, 2011, at 5:10 AM, Doktor Bernd wrote:
> 
> > Two questions:
> > - Do the two pcap_open_live() calls influence the hardware in any way and 
> > have side effects on each other or are they bound to the handle and I can 
> > rely on the parameters I give to be set?
> 
> For LAN hardware, the "promisc" argument to pcap_open_live() affects whether 
> the interface is put in promiscuous mode; all handles will be in promiscuous 
> mode if any are (or, for that matter, if any other process has turned on 
> promiscuous mode directly rather than through libpcap).
> 
> > - Do the parameters influence pcap_sendpacket() in any way? From the 
> > documentation I assume that they are only for capturing from that interface.
> 
> None of them should affect pcap_sendpacket() directly; perhaps running in 
> promiscuous mode will, for example, cause the network adapter to be busier, 
> which might slow down its sending of packets to some degree.
> This is the tcpdump-workers list.
> Visit https://cod.sandelman.ca/ to unsubscribe.


[tcpdump-workers] Where are incoming packets timestamped at kernel level?

2011-08-17 Thread Fabrizio Giordano
Do you guys know where packets are timestamped in the kernel?
I'm using a 2.6.32-131.4.1.el6.x86_64 kernel and I need to find this 
information.
Thank you very much.


Re: [tcpdump-workers] Where are incoming packets timestamped at kernel level?

2011-08-17 Thread Guy Harris

On Aug 17, 2011, at 2:57 PM, Fabrizio Giordano wrote:

> Do you guys know where packets are timestamped in the kernel?
> I'm using a 2.6.32-131.4.1.el6.x86_64 kernel

I.e., Linux, of somewhat recent vintage.

The time stamp would be in the skb->tstamp field for the packet in question.  
If the adapter doesn't do hardware timestamps, the time stamp would be set in a 
call to the __net_timestamp() inline function from the skbuff.h header file, at 
least according to my 2.6.32.4 kernel tree.  That's called by net_timestamp() 
in net/core/dev.c, which is called from netif_rx() or netif_receive_skb().  
Those appear to be called from the network adapter driver; they're called to 
hand incoming packets to the networking stack.  In, for example, the ixgb 
driver, it's called from ixgb_clean_rx_irq().

Executive summary: packets are, in general, timestamped when they're first 
handed to the networking stack.


Re: [tcpdump-workers] Where are incoming packets timestamped at

2011-08-17 Thread Nuno Martins
On Wed, Aug 17, 2011 at 10:57 PM, Fabrizio Giordano <
fabrizio.giord...@riverbed.com> wrote:

> Do you guys know where packets are timestamped in the kernel?
> I'm using a 2.6.32-131.4.1.el6.x86_64 kernel and I need to find this
> information.
> Thank you very much.
>

Hey,

I'm not really sure but I think it is in the tpacket_rcv function in
af_packet.c [1] that lives in net/packet in the Linux source code.

If you go near line 770 in that file you will see that some timestamping is
going to happen.


[1] http://lxr.linux.no/linux+v3.0.3/net/packet/af_packet.c#L669





-- 
Nuno Martins


[tcpdump-workers] Pcap to read packets received on a character device

2011-08-17 Thread narender
Hi,
I would like to know if it's possible to read packets
from a Linux character device using libpcap.
If yes, I would like to know how this can be achieved. I have an application
which writes packets to the character device
and these packets are to be read by another application, do some processing
and hand it back.

I was checking the code in pcap-linux.c where we have hooks for DAG and
SEPTEL devices. Should it be done in a similar way?


Also I would like to know if I can set the filters in libpcap for this
character device so that I can ignore packets which are not of
any interest to me and avoid them from being copied to the user space.

Can I also make use of the ring buffer mechanism to avoid buffer copy? How
can this be done?


Regards
Narender