I'm currently using libpcap to sniff traffic in promiscuous mode
    int main()
    {
        // some stuff
        printf("Opening device: %s\n", devname.c_str());
        handle = pcap_open_live(devname.c_str(), 65536 , 1 , 0 , errbuf);
        if (handle == NULL)
        {
            fprintf(stderr, "Couldn't open device %s : %s..." , devname.c_str(), errbuf);
            return 1;
        }
        printf(" Done\n");
        pcap_loop(handle , -1 , process_packet , NULL);
        // here run a thread to do some stuff. however, pcap_loop is blocking
        return 0;
    }
I'd like to add an external thread to do some other stuff. How do I change the code above to make it non-blocking?
3 solutions
#1
3
When you use non-blocking mode on libpcap you have to use pcap_dispatch, but note, pcap_dispatch can work in blocking or in non-blocking mode, it depends how you set libpcap. To set libpcap to work in non-blocking mode you have to use the function pcap_setnonblock:
int pcap_setnonblock(pcap_t *p, int nonblock, char *errbuf);
The difference between blocking and non-blocking is not a loop that runs forever, but in blocking the function pcap_dispatch waits for a packet and only returns when this packet is received; however, in the non-blocking mode the function returns immediately and the callback must process the packet.
In "non-blocking" mode, an attempt to read from the capture descriptor with pcap_dispatch() will, if no packets are currently available to be read, return 0 immediately rather than blocking waiting for packets to arrive. pcap_loop() and pcap_next() will not work in "non-blocking" mode.
http://www.tcpdump.org/manpages/pcap_setnonblock.3pcap.html
#2
0
pcap_loop is meant to go on until all input ends. If you don't want that behavior, call pcap_dispatch in a loop instead. By definition pcap_loop will never return; it's meant to always be searching for more data.
#3
0
I use pcap_next_ex. It returns a result indicating if a packet was read. This way I manage the acquisition in my own thread. See an example here. The read_timeout in pcap_open also affects this function.