<div dir="ltr"><br><div class="gmail_extra"><div class="gmail_quote">On Tue, Apr 23, 2013 at 12:10 AM, Gisle Vanem <span dir="ltr"><<a href="mailto:gvanem@broadpark.no" target="_blank">gvanem@broadpark.no</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div class="im"><br></div>
I forgot to ask how you compile and link with the WinPcap and Packet APIs. And what compiler; MSVC or MingW or something else.</blockquote></div></div><div class="gmail_extra"><br></div><div class="gmail_extra">Hi, thanks for having a look at my problem, it's very appreciated. I am currently using the 32 bit compiler on Visual Studio Express 2008 on Windows 7 x64, and later I will try the 64 bit compiler on Visual Studio 2008 Pro. My project is configured using CMake and built in Release mode. It links to wpcap.lib.<br>
</div><div class="gmail_extra"><br></div><div class="gmail_extra">My project does not have LIBPCAP_EXPORTS, so this means it is using:<br><br> #define pcap_fopen_offline(f,b) \<br>
pcap_hopen_offline(_get_osfhandle(_fileno(f)), b)<br></div><div class="gmail_extra"><br></div><div class="gmail_extra">I took a look at the implementation of pcap_hopen_offline(). I see that it takes the input FILE* and creates a new FILE* using a series of function calls:<br>
<br></div><div class="gmail_extra">_fileno()<br></div><div class="gmail_extra">_get_osfhandle()<br>_open_osfhandle()<br>_fdopen()<br><br></div><div class="gmail_extra">So, if I understand correctly, it is creating a new FILE* that is relative to its own CRT. I think that means I can no longer use any information I query about the original input FILE*, because winpcap has created its own FILE* stream to read from.<br>
<br>So that leads me to think that my plan to use ftell() to record file positions of packets, and fseek() to jump to the begining of packets, is not going to work on Windows. What do you think? Is there a different way to use winpcap to seek to packets in a save file without reading each packet in sequential order starting at the beginning?<br>
</div><div class="gmail_extra"><br>Pat<br></div><div class="gmail_extra"><br></div></div>