to_ms = -1 在 winpcap 和 linux libpcap 上做什么?

What does to_ms = -1 do on winpcap and linux libpcap?

我正在尝试将基于 libpcap 的程序移植到 macos,它似乎是为 windows 和 linux 编写的。在 pcap_open_live 函数中,读取超时设置为 -1,与 PacketOpen 相同,在 macOS 上,这会在尝试打开界面时导致错误,BIOCSRTIMEOUT: Invalid Argument。我找不到任何关于 -1 读取超时实际作用的文档。另外,是否有此版本允许我在基于 BPF 的 libpcap 上做同样的事情?

What does to_ms = -1 do on winpcap and linux libpcap?

没有什么可以预测的。引用 tip-of-the-master-branch pcap(3pcap) 手册页:

   packet buffer timeout
      If,  when  capturing,  packets  are  delivered  as  soon as they
      arrive, the application capturing the packets will be  woken  up
      for  each  packet  as  it arrives, and might have to make one or
      more calls to the operating system to fetch each packet.

      If, instead, packets are not delivered as soon as  they  arrive,
      but  are  delivered after a short delay (called a "packet buffer
      timeout"), more than one packet can be  accumulated  before  the
      packets are delivered, so that a single wakeup would be done for
      multiple packets, and each set of calls made  to  the  operating
      system  would  supply  multiple  packets,  rather  than a single
      packet.  This reduces the per‐packet CPU overhead if packets are
      arriving  at  a  high rate, increasing the number of packets per
      second that can be captured.

      The packet buffer timeout is required  so  that  an  application
      won’t  wait for the operating system’s capture buffer to fill up
      before packets are delivered; if packets  are  arriving  slowly,
      that wait could take an arbitrarily long period of time.

      Not  all platforms support a packet buffer timeout; on platforms
      that don’t, the packet buffer timeout is ignored.  A zero  value
      for the timeout, on platforms that support a packet buffer time‐
      out, will cause a read to wait forever to allow  enough  packets
      to arrive, with no timeout.

      NOTE:  the  packet  buffer timeout cannot be used to cause calls
      that read packets to return within a  limited  period  of  time,
      because, on some platforms, the packet buffer timeout isn’t sup‐
      ported, and, on other platforms, the timer doesn’t  start  until
      at  least one packet arrives.  This means that the packet buffer
      timeout should NOT be  used,  for  example,  in  an  interactive
      application  to  allow  the  packet capture loop to ‘‘poll’’ for
      user input periodically, as there’s no  guarantee  that  a  call
      reading packets will return after the timeout expires even if no
      packets have arrived.

那里没有提到负超时;我将对其进行更新以明确说明不应使用负值。 (不在 Windows,不在 macOS,不在 Linux,不在 *BSD,不在 Solaris,不在 AIX,不在 HP-UX,不在 Tru64 UNIX,不在 IRIX,不在任何.)

通过将超时设置为 -1,他们可能 打算 pcap_t 放入 "non-blocking mode",其中尝试读取将 return 如果没有数据包等待读取,则立即,而不是等待数据包到达。因此,改为提供超时,例如 100(表示 1/10 秒)并在 pcap_open_live() 调用后使用 pcap_setnonblock()pcap_t 置于非阻塞模式。这应该适用于所有 平台。