[Winpcap-users] pcap_loop pointers
Gianluca Varenni
gianluca.varenni at cacetech.com
Tue Sep 18 17:56:58 GMT 2007
----- Original Message -----
From: ceo at triplebit.com
To: Gianluca Varenni ; winpcap-users at winpcap.org
Sent: Tuesday, September 18, 2007 10:07 AM
Subject: Re: [Winpcap-users] pcap_loop pointers
Thanks GV,
Another phenomena bathers me and I'd like to have your advise of possible-
I let my VC++ application to run and it transmits TCP packets.
I sniff with Ethereal while sniffing concurrently with my application and I filter into a dump file only payload data packets. I encounter the following anomalies-
1. My applications misses packets from time to time.
If your application is not fast enough at processing packets, the WinPcap capture can definitely lose packets. Please check the dropped packets count in the statistics returned by pcap_stats and pcap_stats_ex
2. The ACK in my application packets are always 0.
Is this what you see in wireshark/ethereal? As far as I remember wireshark normalizes the ACK values to be 0-based. If you look in the middle pane of wireshark, if the ACK are normalized, they are marked as "(relative ack number)" (at least on an recent version of Wireshark).
Hope it helps
GV
Can you explain that and possible suggest some workaround?
Regards
I. Lesher
----- Original Message -----
From: Gianluca Varenni
To: ceo at triplebit.com ; winpcap-users at winpcap.org
Sent: Tuesday, September 18, 2007 5:34 PM
Subject: Re: [Winpcap-users] pcap_loop pointers
No, you cannot use global pointers.
Although those pointers are valid throughout the life of the pcap handle (valid in the sense that they point to a valid memory location), as soon as your pcap_loop callback function returns, the contents of such memory are overwritten.
The *ONLY* way to preserve a packet passed to the pcap_loop callback is to copy the packet into some memory buffer allocated by your application.
Have a nice day
GV
----- Original Message -----
From: ceo at triplebit.com
To: Gianluca Varenni ; winpcap-users at winpcap.org
Sent: Tuesday, September 11, 2007 9:07 AM
Subject: Re: [Winpcap-users] pcap_loop pointers
Thanks GV,
I experimented a little and saw that if I assign global pointers with the outcome pointers values from the function, they sustain to point to the original pointers data even if I leave the function.
Does that make sense with your reply?
Can I use these global pointers values after returning from the function?
Regards
I. Lesher
----- Original Message -----
From: Gianluca Varenni
To: ceo at triplebit.com ; winpcap-users at winpcap.org
Sent: Tuesday, September 11, 2007 8:34 AM
Subject: Re: [Winpcap-users] pcap_loop pointers
----- Original Message -----
From: ceo at triplebit.com
To: winpcap-users at winpcap.org
Sent: Monday, September 10, 2007 6:13 AM
Subject: [Winpcap-users] pcap_loop pointers
I think that my question represents also other users.
When using the function "pcap_loop" the system uses the fallowing callback
whenever a packet arrives -
typedef void(* pcap_handler)(u_char *user, const struct pcap_pkthdr
*pkt_header, const u_char *pkt_data)
My questions-
1. I saw that the pointers pkt_data and pkt_header differ from packet to
packet.
Does that mean that the data on which they point occupies different area in
memory?
Yes.
2. How do I know if the data pointed by them is still valid in a certain
moment?
Those pointers are valid *only* in the context of the pcap_handler callback. Packets are reused as soon as the pcap_handler callback returns.
Have a nice day
GV
Regards
I. Lesher
----------------------------------------------------------------------
_______________________________________________
Winpcap-users mailing list
Winpcap-users at winpcap.org
https://www.winpcap.org/mailman/listinfo/winpcap-users
------------------------------------------------------------------------------
_______________________________________________
Winpcap-users mailing list
Winpcap-users at winpcap.org
https://www.winpcap.org/mailman/listinfo/winpcap-users
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.winpcap.org/pipermail/winpcap-users/attachments/20070918/180f4c4d/attachment-0001.htm
More information about the Winpcap-users
mailing list