On Apr 17, 2013, at 7:10 PM, wen lui <esolvepol...@gmail.com> wrote:
> I have a program, part of the source codes are:
>
> handle = pcap_open_live(dev, BUFSIZ, 0, 0, errbuf);
> pcap_compile(handle, &fp, filter_exp, 0, mask) == -1
> pcap_setfilter(handle, &fp);
> struct pcap_pkthdr pcap_header; // The header that pcap gives
> us
> const u_char *pcap_packet; // The actual packet
>
> while(1){
>
> n=fork();
> if(n==0) { // child process
...
> pcap_packet = pcap_next(pcap_handler,
> &pcap_header);
> then I notice that the pcap_header.len is 0
> what is the reason for this?
Probably because using the same pcap_t in either a parent and a child, or in
two children of the same parent, isn't guaranteed to work.
> I think the problem may be:
>
> 1) there are parent-child process relationship
Yes.
> can anyone give some suggestions on this? thanks!
Open separate pcap_t's in each process.
_______________________________________________
tcpdump-workers mailing list
tcpdump-workers@lists.tcpdump.org
https://lists.sandelman.ca/mailman/listinfo/tcpdump-workers
