Hi guys,
I'm doing a simple packet capture and process stuff in wifi using openwrt. (Atheros AR7240 CPU, Atheros AR9331 integrated wifi) When I create a monitor interface using iw I can see the captured packets in ifconfig or /proc/net/dev. The thing is, it works A LOT better if I also generate traffic in a second wifi interface (connecting to any wifi network). For example, if my code prints something per packet to the screen, because I use a ssh session to view the printed lines (this gives me the generated traffic), the count of captured packets keep increasing) If I don't print anything per packet, but print something per 1000 packets, thus getting a lot less traffic in the wifi ssh session, me code takes a LOT longer to reach, for example, 10.000 packets. (The difference is <10 seconds with "traffic" and > 30 seconds without "traffic") I've been testing with different kernels, libpcap versions and mac80211 versions. The best setup is kernel 3.3.8 with libpcap 1.3 (haven't compiled anything greater than 1.3) and mac80211 3.3.8+2012-09-07-3. For example, using kernel > 3.8 with mac80211 from this year (2013), my code doesn't see any packets besides the ones it TXs ( no matter if its a monitor interface, in promiscuous mode or not, that is capturing) Has anyone got a clue of what can be wrong? My goal is to get as much of captured packets in my code as seen in /proc/net/dev. I know that if my pcap_dispatch routine gets too long to process, the PF_SOCKET ring buffer fills up and unprocessed packets get dropped. But I see no packets getting into my code, besides my own ones, using anything from kernel 3.8 and up. I get decent number of packets with kernel 3.3.8 but I have to "generate" traffic.. And I tested the number of captured packets using the most simple pcap_dispatch routine I know (nonblocktest example from the repo). Thanks in advance. _______________________________________________ tcpdump-workers mailing list tcpdump-workers@lists.tcpdump.org https://lists.sandelman.ca/mailman/listinfo/tcpdump-workers