2 回答
TA贡献1789条经验 获得超10个赞
你好,我也碰到了类似问题,在redhat下,不到超时就返回了,检查了一下返回值是0,也就是说读到了EOF,但是相同程序在ubuntu下运行就可以在指定时间后返回,建议你查一下返回值,换一个平台或者重新安装包。
TA贡献1921条经验 获得超9个赞
代码里面的user和参数的filename没有看到你怎么定义的。
用pcap_loop或者pcap_next相关的函数试试看。
另外,你根据帮助文档看看,尤其是检测一下返回值。这系列相关的函数和平台版本等都有关系的。
NAME
pcap_loop, pcap_dispatch - process packets from a live capture or save-
file
SYNOPSIS
#include <pcap/pcap.h>
typedef void (*pcap_handler)(u_char *user, const struct pcap_pkthdr *h,
const u_char *bytes);
int pcap_loop(pcap_t *p, int cnt,
pcap_handler callback, u_char *user);
int pcap_dispatch(pcap_t *p, int cnt,
pcap_handler callback, u_char *user);
DESCRIPTION
pcap_loop() processes packets from a live capture or ``savefile'' until
cnt packets are processed, the end of the ``savefile'' is reached when
reading from a ``savefile'', pcap_breakloop() is called, or an error
occurs. It does not return when live read timeouts occur. A value of
-1 or 0 for cnt is equivalent to infinity, so that packets are pro-
cessed until another ending condition occurs.
pcap_dispatch() processes packets from a live capture or ``savefile''
until cnt packets are processed, the end of the current bufferful of
packets is reached when doing a live capture, the end of the ``save-
file'' is reached when reading from a ``savefile'', pcap_breakloop() is
called, or an error occurs. Thus, when doing a live capture, cnt is
the maximum number of packets to process before returning, but is not a
minimum number; when reading a live capture, only one bufferful of
packets is read at a time, so fewer than cnt packets may be processed.
A value of -1 or 0 for cnt causes all the packets received in one
buffer to be processed when reading a live capture, and causes all the
packets in the file to be processed when reading a ``savefile''.
(In older versions of libpcap, the behavior when cnt was 0 was unde-
fined; different platforms and devices behaved differently, so code
that must work with older versions of libpcap should use -1, nor 0, as
the value of cnt.)
callback specifies a routine to be called with three arguments: a
u_char pointer which is passed in the user argument to pcap_loop() or
pcap_dispatch(), a const struct pcap_pkthdr pointer pointing to the
packet time stamp and lengths, and a const u_char pointer to the first
caplen (as given in the struct pcap_pkthdr a pointer to which is passed
to the callback routine) bytes of data from the packet.
RETURN VALUE
pcap_loop() returns 0 if cnt is exhausted, -1 if an error occurs, or -2
if the loop terminated due to a call to pcap_breakloop() before any
packets were processed. It does not return when live read timeouts
occur; instead, it attempts to read more packets.
pcap_dispatch() returns the number of packets processed on success;
this can be 0 if no packets were read from a live capture (if, for
example, they were discarded because they didn't pass the packet fil-
ter, or if, on platforms that support a read timeout that starts before
any packets arrive, the timeout expires before any packets arrive, or
if the file descriptor for the capture device is in non-blocking mode
and no packets were available to be read) or if no more packets are
available in a ``savefile.'' It returns -1 if an error occurs or -2 if
the loop terminated due to a call to pcap_breakloop() before any pack-
ets were processed. If your application uses pcap_breakloop(), make
sure that you explicitly check for -1 and -2, rather than just checking
for a return value < 0.
If -1 is returned, pcap_geterr() or pcap_perror() may be called with p
as an argument to fetch or display the error text.
请采纳。
添加回答
举报