Hi Guy,
This is very interesting indeed !
I was using snap len as 350 bytes and the processor was bouncing off limits.
I am using BUFSIZ as the packet capture size and my processor utilization !
Is this a bug in pcap ?
I thought may be I should try 512 (4 byte boundary) and it should also give
low
Status : bug fixed.
-
Abhinav
On Sat, Apr 20, 2013 at 12:51 AM, abhinav narain
wrote:
>
> Hi guy,
> I have strace of both tcpdump and mac-analyzer(my tool) from the router
> attached.
>
> I cannot understand why the file descriptor number is different in tcpdump
> and my tool
> (3 and 4) respect
Hi guy,
I have strace of both tcpdump and mac-analyzer(my tool) from the router
attached.
I cannot understand why the file descriptor number is different in tcpdump
and my tool
(3 and 4) respectively.
Is this is of any significance ?
I am run both the tools on the same interface created by using
Hi Guy,
This is one thing I am confused about.
I am right now setting the sigprocmask
in the callback function :
pkt_callback(...){
if (sigprocmask(SIG_BLOCK, &block_set, NULL) < 0) {
perror("sigprocmask");
exit(1);
}
code ...
if (sigprocmask(SIG_UNBLOCK, &block_set, NULL) < 0) {
On Thu, Apr 18, 2013 at 8:37 AM, abhinav narain
wrote:
> hi Guy,
>
> What happens if you eliminate that (and any code paths that eliminating
>> that breaks)?
>>
>>
The biggest issue for me to understand is, why is the CPU usage going up
when
two instances of the tool run simultaneously. It doesn't
hi Guy,
> What happens if you eliminate that (and any code paths that eliminating
> that breaks)?
>
> That seems to be the biggest difference between your code and tcpdump's
> code (both your program and tcpdump use pcap_loop() as their main loops).
I turned off SIGPROCMASK stuff ... it did not
On Apr 17, 2013, at 8:03 PM, abhinav narain wrote:
> The other fancy thing which I am doing is setting a SIGPROCMASK to capture
> alarms
> to get to a handler which writes into the file every x minute(and if the
> table is full)
What happens if you eliminate that (and any code paths that elim
Hi Guy,
Thanks for clearing this
> It does absolutely nothing whatsoever to discover whether there are other
> versions of tcpdump are running.
Ok
> Am I right to say that the two processes spin on some shared resource ?
>
> Given that I don't know what routines in the programs or libraries the
On Apr 17, 2013, at 7:11 PM, abhinav narain wrote:
> I am curious to know if tcpdump does something
> interesting to deal with such situation (I dint find anything
> when I last read the code..couple of months back)
It does absolutely nothing whatsoever to discover whether there are other
ve
Thanks for replying on this, as I am actually helpless on this issue for
days now.
As you're saying "libpcap" rather than WinPcap, I'm assuming this is some
> flavor of UN*X, such as Linux.
>
> You are right, its running 2.6.32 on OpenWrt.
> Could you build a profiled version of your tool (compi
On Apr 17, 2013, at 3:57 PM, abhinav narain wrote:
> Can someone explain this behavior ?
As you're saying "libpcap" rather than WinPcap, I'm assuming this is some
flavor of UN*X, such as Linux.
Could you build a profiled version of your tool (compile with "-pg") and then
run gprof on the to
hi everyone,
I have written my own data collection tool, for custom needs using
libpcap for wireless interfaces(2.4,5 GHz) on a router.
I could not find any flag in tcpdump that i can collect only x
number of mgmt packets, y number of control packets and
the rest data packets.
The issue i face is
12 matches
Mail list logo
