to_ms = -1 在 winpcap 和 linux libpcap 上做什么?
What does to_ms = -1 do on winpcap and linux libpcap?
我正在尝试将基于 libpcap 的程序移植到 macos,它似乎是为 windows 和 linux 编写的。在 pcap_open_live 函数中,读取超时设置为 -1,与 PacketOpen 相同,在 macOS 上,这会在尝试打开界面时导致错误,BIOCSRTIMEOUT: Invalid Argument。我找不到任何关于 -1 读取超时实际作用的文档。另外,是否有此版本允许我在基于 BPF 的 libpcap 上做同样的事情?
What does to_ms = -1 do on winpcap and linux libpcap?
没有什么可以预测的。引用 tip-of-the-master-branch pcap(3pcap) 手册页:
packet buffer timeout
If, when capturing, packets are delivered as soon as they
arrive, the application capturing the packets will be woken up
for each packet as it arrives, and might have to make one or
more calls to the operating system to fetch each packet.
If, instead, packets are not delivered as soon as they arrive,
but are delivered after a short delay (called a "packet buffer
timeout"), more than one packet can be accumulated before the
packets are delivered, so that a single wakeup would be done for
multiple packets, and each set of calls made to the operating
system would supply multiple packets, rather than a single
packet. This reduces the per‐packet CPU overhead if packets are
arriving at a high rate, increasing the number of packets per
second that can be captured.
The packet buffer timeout is required so that an application
won’t wait for the operating system’s capture buffer to fill up
before packets are delivered; if packets are arriving slowly,
that wait could take an arbitrarily long period of time.
Not all platforms support a packet buffer timeout; on platforms
that don’t, the packet buffer timeout is ignored. A zero value
for the timeout, on platforms that support a packet buffer time‐
out, will cause a read to wait forever to allow enough packets
to arrive, with no timeout.
NOTE: the packet buffer timeout cannot be used to cause calls
that read packets to return within a limited period of time,
because, on some platforms, the packet buffer timeout isn’t sup‐
ported, and, on other platforms, the timer doesn’t start until
at least one packet arrives. This means that the packet buffer
timeout should NOT be used, for example, in an interactive
application to allow the packet capture loop to ‘‘poll’’ for
user input periodically, as there’s no guarantee that a call
reading packets will return after the timeout expires even if no
packets have arrived.
那里没有提到负超时;我将对其进行更新以明确说明不应使用负值。 (不在 Windows,不在 macOS,不在 Linux,不在 *BSD,不在 Solaris,不在 AIX,不在 HP-UX,不在 Tru64 UNIX,不在 IRIX,不在任何.)
通过将超时设置为 -1,他们可能 打算 将 pcap_t
放入 "non-blocking mode",其中尝试读取将 return 如果没有数据包等待读取,则立即,而不是等待数据包到达。因此,改为提供超时,例如 100(表示 1/10 秒)并在 pcap_open_live()
调用后使用 pcap_setnonblock()
将 pcap_t
置于非阻塞模式。这应该适用于所有 平台。
我正在尝试将基于 libpcap 的程序移植到 macos,它似乎是为 windows 和 linux 编写的。在 pcap_open_live 函数中,读取超时设置为 -1,与 PacketOpen 相同,在 macOS 上,这会在尝试打开界面时导致错误,BIOCSRTIMEOUT: Invalid Argument。我找不到任何关于 -1 读取超时实际作用的文档。另外,是否有此版本允许我在基于 BPF 的 libpcap 上做同样的事情?
What does to_ms = -1 do on winpcap and linux libpcap?
没有什么可以预测的。引用 tip-of-the-master-branch pcap(3pcap) 手册页:
packet buffer timeout
If, when capturing, packets are delivered as soon as they
arrive, the application capturing the packets will be woken up
for each packet as it arrives, and might have to make one or
more calls to the operating system to fetch each packet.
If, instead, packets are not delivered as soon as they arrive,
but are delivered after a short delay (called a "packet buffer
timeout"), more than one packet can be accumulated before the
packets are delivered, so that a single wakeup would be done for
multiple packets, and each set of calls made to the operating
system would supply multiple packets, rather than a single
packet. This reduces the per‐packet CPU overhead if packets are
arriving at a high rate, increasing the number of packets per
second that can be captured.
The packet buffer timeout is required so that an application
won’t wait for the operating system’s capture buffer to fill up
before packets are delivered; if packets are arriving slowly,
that wait could take an arbitrarily long period of time.
Not all platforms support a packet buffer timeout; on platforms
that don’t, the packet buffer timeout is ignored. A zero value
for the timeout, on platforms that support a packet buffer time‐
out, will cause a read to wait forever to allow enough packets
to arrive, with no timeout.
NOTE: the packet buffer timeout cannot be used to cause calls
that read packets to return within a limited period of time,
because, on some platforms, the packet buffer timeout isn’t sup‐
ported, and, on other platforms, the timer doesn’t start until
at least one packet arrives. This means that the packet buffer
timeout should NOT be used, for example, in an interactive
application to allow the packet capture loop to ‘‘poll’’ for
user input periodically, as there’s no guarantee that a call
reading packets will return after the timeout expires even if no
packets have arrived.
那里没有提到负超时;我将对其进行更新以明确说明不应使用负值。 (不在 Windows,不在 macOS,不在 Linux,不在 *BSD,不在 Solaris,不在 AIX,不在 HP-UX,不在 Tru64 UNIX,不在 IRIX,不在任何.)
通过将超时设置为 -1,他们可能 打算 将 pcap_t
放入 "non-blocking mode",其中尝试读取将 return 如果没有数据包等待读取,则立即,而不是等待数据包到达。因此,改为提供超时,例如 100(表示 1/10 秒)并在 pcap_open_live()
调用后使用 pcap_setnonblock()
将 pcap_t
置于非阻塞模式。这应该适用于所有 平台。