libpcap 是否支持丢包检测? [Centos 6.6/3.10 kernel/libpcap 1.6.2]
libpcap dropped packet detection supported? [Centos 6.6/3.10 kernel/libpcap 1.6.2]
我的应用程序混杂地嗅探以太网接口上的数据包(使用编译的数据包过滤器),我想知道是否有任何数据包被丢弃并且没有进入我的应用程序缓冲区。
pcap_stats 的联机帮助页含糊不清,可能(或可能不会)解释该功能。
那么如何确定我的内核、发行版和 libpcap 的特定组合是否支持丢包检测?
The statistics do not behave the same way on all platforms. ps_recv
might count packets whether they passed any filter set with
pcap_setfilter(3PCAP) or not, or it might count only packets that pass
the filter. It also might, or might not, count packets dropped because
there was no room in the operating system's buffer when they arrived.
ps_drop is not available on all platforms; it is zero on platforms
where it's not available. If packet filtering is done in libpcap,
rather than in the operating system, it would count packets that don't
pass the filter. Both ps_recv and ps_drop might, or might not, count
packets not yet read from the operating system and thus not yet seen
by the application. ps_ifdrop might, or might not, be implemented; if
it's zero, that might mean that no packets were dropped by the
interface, or it might mean that the statistic is unavailable, so it
should not be treated as an indication that the interface did not drop
any packets.
$ uname -a
Linux dvstorblackXS 3.10.80-1.el6.elrepo.i686 #1 SMP Sun Jun 7 08:15:14 EDT 2015 i686 i686 i386 GNU/Linux
$ ldd *myApplicationBinary*
libpcap.so.1 => /usr/local/lib/libpcap.so.1 (0xb76e2000)
$ ls -l /usr/local/lib/libpcap.*
-rw-r--r-- 1 root root 774522 Mar 5 2016 /usr/local/lib/libpcap.a
lrwxrwxrwx 1 root root 12 Mar 5 2016 /usr/local/lib/libpcap.so -> libpcap.so.1
lrwxrwxrwx 1 root root 16 Mar 5 2016 /usr/local/lib/libpcap.so.1 -> libpcap.so.1.6.2
-rwxr-xr-x 1 root root 572307 Mar 5 2016 /usr/local/lib/libpcap.so.1.6.2
$ cat /etc/redhat-release
CentOS release 6.6 (Final)
根据 comments on the libpcap source:
Reports the number of dropped packets iff the kernel supports
the PACKET_STATISTICS "getsockopt()" argument (2.4 and later
kernels, and 2.2[.x] kernels with Alexey Kuznetzov's turbopacket
patches); otherwise, that information isn't available, and we lie
and report 0 as the count of dropped packets.
这似乎是关于 ps_drop 的报告:
"ps_drop" counts packets dropped because we ran
out of buffer space. It doesn't count packets
dropped by the interface driver. It counts only
packets that passed the filter.
ps_ifdrop 似乎任何内核版本都支持。它报告:
It will return the number
of drops the interface reports in /proc/net/dev,
if that is available.
因此,您可以通过 ps_drop + ps_ifdrop.
获取环境中丢弃的数据包数
我的应用程序混杂地嗅探以太网接口上的数据包(使用编译的数据包过滤器),我想知道是否有任何数据包被丢弃并且没有进入我的应用程序缓冲区。
pcap_stats 的联机帮助页含糊不清,可能(或可能不会)解释该功能。
那么如何确定我的内核、发行版和 libpcap 的特定组合是否支持丢包检测?
The statistics do not behave the same way on all platforms. ps_recv might count packets whether they passed any filter set with pcap_setfilter(3PCAP) or not, or it might count only packets that pass the filter. It also might, or might not, count packets dropped because there was no room in the operating system's buffer when they arrived. ps_drop is not available on all platforms; it is zero on platforms where it's not available. If packet filtering is done in libpcap, rather than in the operating system, it would count packets that don't pass the filter. Both ps_recv and ps_drop might, or might not, count packets not yet read from the operating system and thus not yet seen by the application. ps_ifdrop might, or might not, be implemented; if it's zero, that might mean that no packets were dropped by the interface, or it might mean that the statistic is unavailable, so it should not be treated as an indication that the interface did not drop any packets.
$ uname -a
Linux dvstorblackXS 3.10.80-1.el6.elrepo.i686 #1 SMP Sun Jun 7 08:15:14 EDT 2015 i686 i686 i386 GNU/Linux
$ ldd *myApplicationBinary*
libpcap.so.1 => /usr/local/lib/libpcap.so.1 (0xb76e2000)
$ ls -l /usr/local/lib/libpcap.*
-rw-r--r-- 1 root root 774522 Mar 5 2016 /usr/local/lib/libpcap.a
lrwxrwxrwx 1 root root 12 Mar 5 2016 /usr/local/lib/libpcap.so -> libpcap.so.1
lrwxrwxrwx 1 root root 16 Mar 5 2016 /usr/local/lib/libpcap.so.1 -> libpcap.so.1.6.2
-rwxr-xr-x 1 root root 572307 Mar 5 2016 /usr/local/lib/libpcap.so.1.6.2
$ cat /etc/redhat-release
CentOS release 6.6 (Final)
根据 comments on the libpcap source:
Reports the number of dropped packets iff the kernel supports
the PACKET_STATISTICS "getsockopt()" argument (2.4 and later
kernels, and 2.2[.x] kernels with Alexey Kuznetzov's turbopacket
patches); otherwise, that information isn't available, and we lie
and report 0 as the count of dropped packets.
这似乎是关于 ps_drop 的报告:
"ps_drop" counts packets dropped because we ran
out of buffer space. It doesn't count packets
dropped by the interface driver. It counts only
packets that passed the filter.
ps_ifdrop 似乎任何内核版本都支持。它报告:
It will return the number
of drops the interface reports in /proc/net/dev,
if that is available.
因此,您可以通过 ps_drop + ps_ifdrop.