Databases
StackOverflow2013
Postsdbo
POAsynchronous libpcap: losing packets?
 

Note that there are some explanatory texts on larger screens.

plurals
  1. POAsynchronous libpcap: losing packets?
    primarykey
    data
    text
    <p>I have a program that sends a set of TCP SYN packets to a host (using raw sockets) and uses <code>libpcap</code> (with a filter) to obtain the responses. I'm trying to implement this in an asynchronous I/O framework, but it seems that <code>libpcap</code> is missing some of the responses (namely the first packets of a series when it takes less than <code>100 microseconds</code> between the TCP SYN and the response). The pcap handle is setup like this:</p> <pre><code>pcap_t* pcap = pcap_open_live(NULL, -1, false, -1, errorBuffer); pcap_setnonblock(pcap, true, errorBuffer); </code></pre> <p>Then I add a filter (contained on the filterExpression string):</p> <pre><code>struct bpf_program filter; pcap_compile(pcap, &amp;filter, filterExpression.c_str(), false, 0); pcap_setfilter(pcap, &amp;filter); pcap_freecode(&amp;filter); </code></pre> <p>And on a loop, after sending each packet, I use select to know if I can read from libpcap:</p> <pre><code>int pcapFd = pcap_get_selectable_fd(pcap); fd_set fdRead; FD_ZERO(&amp;fdRead); FD_SET(pcapFd, &amp;fdRead); select(pcapFd + 1, &amp;fdRead, NULL, NULL, &amp;selectTimeout); </code></pre> <p>And read it:</p> <pre><code>if (FD_ISSET(pcapFd, &amp;fdRead)) { struct pcap_pkthdr* pktHeader; const u_char* pktData; if (pcap_next_ex(pcap, &amp;pktHeader, &amp;pktData) &gt; 0) { // Process received response. } else { // Nothing to receive (or error). } } </code></pre> <p>As I said before, some of the packets are missed (falling into the "nothing to receive" else). I know these packets are there, because I can capture them on a synchronous fashion (using <code>tcpdump</code> or a thread running <code>pcap_loop</code>). Am I missing some detail here? Or is this an issue with <code>libpcap</code>?</p>
    singulars
    1. PO
      singulars
      1. PTAnswer
    1. This table or related slice is empty.
    1. PTQuestion
    1. USbruno nery
    1. USbruno nery
    plurals
    1. PL
      singulars
      1. LTLinked
    1. PL
      singulars
      1. LTLinked
    1. This table or related slice is empty.
    1. PO
      singulars
      1. PTAnswer
    2. PO
      singulars
      1. PTAnswer
    1. VO
      singulars
      1. POAsynchronous libpcap: losing packets?
      1. This table or related slice is empty.
      1. VTUpMod
    2. VO
      singulars
      1. POAsynchronous libpcap: losing packets?
      1. This table or related slice is empty.
      1. VTUpMod
    3. VO
      singulars
      1. POAsynchronous libpcap: losing packets?
      1. This table or related slice is empty.
      1. VTUpMod
    1. COIt may be the case that you're sending too many requests too quickly, and the server is sending responses faster then you can handle them thus overloading the OS's network buffer and dropping packets. Or it's possible you're receiver socket is not set up in time to handle the initial responses. Can you verify that all the responses you assume you're receiving are actually getting there? Todo this run tcpdump on the same interface as your application simultaneously. If you see all the packets you expect in tcpdump and not in your application, you may have one of the problems above.
      singulars
      1. POAsynchronous libpcap: losing packets?
      1. USryanbwork
    2. COI've already done it (tcpdump on the side, but also pcap_loop a different thread), and all the packets were there. Thus, I don't believe I'm sending the responses too fast. How can I tell if my receiver socket (i.e. libpcap) is not yet setup? This would make sense since the lost responses are always the first one or two.
      singulars
      1. POAsynchronous libpcap: losing packets?
      1. USbruno nery
    3. COEven if you see the packets in tcpdump, they could still be dropped by OS if your application can't handle the rate they are received at. In the case that your application is starting after responses are already being sent, try adding some significant delay before sending the initial response from your server; if you successfully receive all responses, you've found your problem.
      singulars
      1. POAsynchronous libpcap: losing packets?
      1. USryanbwork
 

Querying!

 
Guidance
A row detail

Detail views are divided into sections. All the information in the data section comes from columns in the selected row. The other sections display data from other, related rows.

Related data can be related in a to-one or a to-many fashion. Captions of data related in a to-many fashion link to a list view showing a filtered view of the table.

Try moving around until you find a non-empty to-many entry and click on the label to get to one. You can move back to the root by clicking on the database name in the header.

SQuiL has stopped working due to an internal error.

If you are curious you may find further information in the browser console, which is accessible through the devtools (F12).

Reload