Databases
StackOverflow2013
Postsdbo
POAsynchronous libpcap: losing packets?
Body
 

Note that there are some explanatory texts on larger screens.

plurals
  1. POAsynchronous libpcap: losing packets?
    text
    copied!<p>I have a program that sends a set of TCP SYN packets to a host (using raw sockets) and uses <code>libpcap</code> (with a filter) to obtain the responses. I'm trying to implement this in an asynchronous I/O framework, but it seems that <code>libpcap</code> is missing some of the responses (namely the first packets of a series when it takes less than <code>100 microseconds</code> between the TCP SYN and the response). The pcap handle is setup like this:</p> <pre><code>pcap_t* pcap = pcap_open_live(NULL, -1, false, -1, errorBuffer); pcap_setnonblock(pcap, true, errorBuffer); </code></pre> <p>Then I add a filter (contained on the filterExpression string):</p> <pre><code>struct bpf_program filter; pcap_compile(pcap, &amp;filter, filterExpression.c_str(), false, 0); pcap_setfilter(pcap, &amp;filter); pcap_freecode(&amp;filter); </code></pre> <p>And on a loop, after sending each packet, I use select to know if I can read from libpcap:</p> <pre><code>int pcapFd = pcap_get_selectable_fd(pcap); fd_set fdRead; FD_ZERO(&amp;fdRead); FD_SET(pcapFd, &amp;fdRead); select(pcapFd + 1, &amp;fdRead, NULL, NULL, &amp;selectTimeout); </code></pre> <p>And read it:</p> <pre><code>if (FD_ISSET(pcapFd, &amp;fdRead)) { struct pcap_pkthdr* pktHeader; const u_char* pktData; if (pcap_next_ex(pcap, &amp;pktHeader, &amp;pktData) &gt; 0) { // Process received response. } else { // Nothing to receive (or error). } } </code></pre> <p>As I said before, some of the packets are missed (falling into the "nothing to receive" else). I know these packets are there, because I can capture them on a synchronous fashion (using <code>tcpdump</code> or a thread running <code>pcap_loop</code>). Am I missing some detail here? Or is this an issue with <code>libpcap</code>?</p>
 

Querying!

 
Guidance
An individual column

Larger individual text columns get their own page to allow for proper reading.

SQuiL has stopped working due to an internal error.

If you are curious you may find further information in the browser console, which is accessible through the devtools (F12).

Reload