I saw this kind of code used in a project:
while (1)
{
l_numPkts = pcap_next_ex( m_pcapHandle, &header, &pkt_data);
//do something
memcpy(dst,pkt_data,size);
}
after the pcap_next_ex return,the packet status will be set TP_STATUS_KERNEL,which means the buf was return to kernel. code:
/* next packet */
switch (handle->md.tp_version) {
c开发者_StackOverflow社区ase TPACKET_V1:
h.h1->tp_status = TP_STATUS_KERNEL;
..
in some high speed environment,will it get a memory problem?
and what is the correct way to use pcap_next / pcap_next_ex?
I freezed on this problem in python with winpcapy (1.9.2009) and WinPcap 4.1.0.2001.
I solved it simply by creating copy of packet data array (as suggested by memcpy mentioned in question).
pkt_data = pkt_data[:header.contents.len]
Not sure if it's correct but works for me at the moment.
And based on answer at winpcap papermail this what pkt_data references to should persist until next call of pcap_next_ex (or other dispatch method). If i got it right, because it uses one buffer for more/all packets and so it can be reused for other/last packets?
Q.
char errbuff[10000];
pcap_t * handler = pcap_open_offline(argv[1], errbuff);
struct pcap_pkthdr *header;
u_char *packet;
while (pcap_next_ex(handler, &header, &packet) >= 0)
{
printf("len %d:\n",header->len);
... YOUR CODE
}
精彩评论