On Mar 24, 2013, at 12:18 PM, Robert Monaghan <b...@gluetools.com> wrote:

> Basically, I count blocks until I get everything that I need. At that point, 
> I do a breakloop.

Is the total block count available at the time you call pcap_loop()?  If so, 
just pass that in to pcap_loop() as the count.

> This seems to eliminate the timeout issue I saw.

The combination of the smaller timeout, and not trying to read more packets 
than will actually arrive (so that you don't try to read packets after the 
download finishes), is probably what's making the difference here.

> Now, however, I am concerned that the timeout is going to have to be adjusted 
> to some value that is "One Size Fits All". Naturally a number that 
> degrades performance for all of my users.

If a low timeout (or the lowest possible timeout, i.e. immediate mode, as 
described in my previous message, namely "no timeout, just return packets 
immediately") causes a problem, BPF is probably not currently capable of 
providing what you need.

If, however, the performance is OK in immediate mode, try that.  One problem 
with immediate mode is that it's somewhat like a socket, in that each read 
gives you a single packet, but it's also *not* like a socket, in that there's 
not a lot of buffering for packets in immediate mode.

Arguably, something like Linux's PF_PACKET sockets would be best for people 
trying to implement protocols atop the link-layer, as (either when not in 
memory-mapped mode, or when in TPACKET_V1 or TPACKET_V2 memory-mapped mode) it 
has no timeouts, but does have a buffer, so that you don't have to 
*immediately* read the packet or have further packets dropped due to being out 
of buffer space.  (In TPACKET_V3 mode, it appears to work more like, err, umm, 
BPF, with entire buffers full of packets being delivered, and with a timeout to 
keep it from waiting forever for a buffer to fill up; I think that mode was 
introduced for the benefit of packet capture.)

> I tried a timeout of 0, using pcap_set_timeout. But this never called my 
> callback.

In BPF, a timeout of 0 means "no timeout, just block until the store buffer 
fills up, even if that takes forever".
_______________________________________________
tcpdump-workers mailing list
tcpdump-workers@lists.tcpdump.org
https://lists.sandelman.ca/mailman/listinfo/tcpdump-workers
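
A simplified model of the three read behaviours discussed in the message above (immediate mode, a timeout of 0, and a positive timeout), added here as an example; it is not code from the original email, libpcap or any kernel. The function `last_delivery_ms`, the `struct pkt` workload, the buffer size and the use of a negative timeout to stand for immediate mode are all assumptions made for illustration.

```c
#include <stdio.h>

#define NEVER (-1L)

struct pkt { long t_ms; long len; };   /* arrival time and size of one packet */

/*
 * Simplified model of a BPF reader (an assumption, not kernel code).
 * Returns when the last of n packets reaches the application, or NEVER.
 *   timeout_ms <  0: immediate mode, every packet wakes the reader
 *   timeout_ms == 0: no timeout, reader wakes only on a full store buffer
 *   timeout_ms >  0: reader wakes on a full buffer or on timer expiry
 * The timer is assumed to start when the read is issued, and the
 * application re-issues the read as soon as the previous one returns.
 */
long last_delivery_ms(const struct pkt *p, int n, long bufsize, long timeout_ms)
{
    long read_start = 0, filled = 0;

    if (n <= 0) return NEVER;
    if (timeout_ms < 0) return p[n - 1].t_ms;
    for (int i = 0; i < n; i++) {
        /* Timer expiries before this arrival hand over whatever is buffered. */
        while (timeout_ms > 0 && read_start + timeout_ms <= p[i].t_ms) {
            read_start += timeout_ms;
            filled = 0;
        }
        if (filled + p[i].len > bufsize) {   /* full buffer: wake the reader */
            read_start = p[i].t_ms;
            filled = 0;
        }
        filled += p[i].len;
    }
    /* The tail of the transfer is still buffered: only a timer releases it. */
    return timeout_ms > 0 ? read_start + timeout_ms : NEVER;
}

int main(void)
{
    struct pkt p[20];                  /* constructed 20-packet download */
    long t[] = { -1, 0, 10, 1000 };

    for (int i = 0; i < 20; i++) { p[i].t_ms = i + 1; p[i].len = 1000; }
    for (int k = 0; k < 4; k++)
        printf("timeout %5ld ms -> last packet delivered at %ld ms\n",
               t[k], last_delivery_ms(p, 20, 32768, t[k]));
    return 0;
}
```

The model ignores per-packet BPF headers and the limited buffering in immediate mode that the message mentions, so it shows delivery latency only, not drops.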