Hi Guy and Stephen, Thanks for this info. I've been trying to get argus working with DAG for a while. Based on your suggestions I guess I should quit doing that. What I'm really doing is to monitor border traffic with an inbound link and an outbound link. I'm trying to use DAG card to merge the traffic and feed it to Argus. But if argus is not possible to work with DAG, I guess I have no other options now....
On 1/9/08, Stephen Donnelly <[EMAIL PROTECTED]> wrote: > > On Wed, 2008-01-09 at 17:25 -0800, Guy Harris wrote: > > On Jan 9, 2008, at 3:37 PM, lei wei wrote: > > > > > I'm actually trying to get Argus working with DAG but argus still > > > can't read > > > anything from it. > > > > From a quick look at the source to Argus 2.0.6, it appears to be > > assuming that you can do a select() on the result of pcap_fileno(), > > which, as far as I know, is *NOT* the case for DAG devices; I don't > > think the DAG driver supports select() or poll(). That might cause it > > (and other applications using select() or poll() on pcap streams) > > never to see any incoming packets, or to fail in other ways. > > > > Newer versions of libpcap (including 0.9.x) have > > pcap_get_selectable_fd(), which returns a file descriptor on which you > > can do select(), if such a descriptor exists, or -1, if no such file > > descriptor exists. > > I agree. From ArgusGetPackets() in ArgusOutput.c it appears that Argus > is intended to operate over multiple pcap interfaces, but incorrectly > assumes that pcap descriptors are always selectable. > > Because Argus does not check for selectable descriptors and work around > any non-selectable descriptors it is not possible to use Argus with DAG > cards without further modification. > > Curiously under CYGWIN it does not assume selectable descriptors, but > apparently works with only one interface in this case. It may be > possible to use this as the basis for non-selectable descriptors in > general. > > Stephen. > -- > ----------------------------------------------------------------------- > Stephen Donnelly BCMS PhD email: [EMAIL PROTECTED] > Endace Technology Ltd phone: +64 7 839 0540 > Hamilton, New Zealand cell: +64 21 1104378 > ----------------------------------------------------------------------- > > - > This is the tcpdump-workers list. > Visit https://cod.sandelman.ca/ to unsubscribe. > -- Wei, Lei Department of Computer Science University of North Carolina at Chapel Hill, NC 27599-3175 - This is the tcpdump-workers list. Visit https://cod.sandelman.ca/ to unsubscribe.
