> I have a problem with pcap 0.6.2-9 under RedHat 7.2. I wrote a program which
> allow users to test filters given by them. I do it by pcap_open_dead(),
> pcap_compile()and pcap_close(). Everything is OK when it was good filter or
> if it was bad filter when an error is not in expresion [ezpr:size]. In that
> case after about 10 to 15 checks pcap give me an error that says "there is
> not enough registers....".
There's a "register" leak in the capture-filter code generator that
shows up with "[expr:size]" expressions. "Registers" (which are
actually scratch memory locations in the BPF machine; that's why I put
"register" in quotes) can be leaked regardless of whether the expression
is valid or not; it's not a question of bad filters.
> Can you help me with these?
Either
1) have your program check only *one* filter, and run the
program again to test another filter
or
2) add the line
free_reg(a0->regno);
in the "gen_arth()" function in "gencode.c" in the libpcap
source, recompile the libpcap source, and install the
libraries generated by the recompilation.
> I have other question. My pcap gives me time of packets arrival rounded to
> 10 ms period. Can I make it lower. I'm interested to lower it to 0.5ms.
The time stamps libpcap gives you are the time stamps the OS kernel
gives libpcap; you'd have to configure the kernel to use a
higher-resolution timer for time stamping. I think there might be a
configuration option for that, for machines with the right kind of
hardware, but I don't know what that configuration option is and don't
remember what the hardware is.
-
This is the TCPDUMP workers list. It is archived at
http://www.tcpdump.org/lists/workers/index.html
To unsubscribe use mailto:[EMAIL PROTECTED]?body=unsubscribe
