With some investigation, I found a solution, so there may need to be a libpcap code modification for mac os x? In order to get around my problem I had to call:
ioctl(pcap_fileno(fd, BIOCIMMEDIATE, &v) To get a BIOCIMMEDIATE definition, I needed the real net/bpf.h, and because that uses _IOW, I had to include <sys/ioctl.h>, so ...... in my code I had to do this: #define PCAP_DONT_INCLUDE_PCAP_BPF_H #include <sys/ioctl.h> #include <net/bpf.h> prior to including pcap.h, and then just after the pcap_open_live() I called the ioctl() above. The comments in pcap-bpf.c do mention this as an issue on a few platforms. Possibly mac os x is one of them? Carter > From: Carter Bullard <[EMAIL PROTECTED]> > Reply-To: <[EMAIL PROTECTED]> > Date: Sat, 07 Aug 2004 15:41:10 -0400 > To: <[EMAIL PROTECTED]> > Subject: [tcpdump-workers] mac os x buffering packets? > > Gentle people, > Apologies if this a known problem. > > On mac os x 10.3.4, using libpcap-0.8.3, opening pcap with > pcap_open_live(dev, 96, 1, 1000, errbuf) and reading packets with > pcap_loop (pd, 1, callback, user), packets are queued until some > magic number (looks to be 200) of packets is reached, and then I get > them all. This can take however long it takes for this threshold > to be reached (I've waited an hour). > > Anything that can be done to get packets a little sooner? > > Carter > > > - > This is the tcpdump-workers list. > Visit https://lists.sandelman.ca/ to unsubscribe. > - This is the tcpdump-workers list. Visit https://lists.sandelman.ca/ to unsubscribe.
