Wireshark · Wireshark-dev: Re: [Wireshark-dev] Delays in real-time packet capture

Wireshark-dev: Re: [Wireshark-dev] Delays in real-time packet capture

From: Richard van der Hoff <richardv@xxxxxxxxxxxxx>

Date: Mon, 09 Oct 2006 12:54:58 +0100

Sorry for taking a while to get back to this...

Guy Harris wrote:

Richard van der Hoff wrote:
The only concern with this would be that dumpcap would presumably thensend a packet count after every packet - which might mean a significantquantity of data.
Every batch of packets, at least.
Some OSes support packet batching, so that a single read from thecapture device can supply multiple packets; those OSes support atimeout, so that the read either waits for a full batch or for a timerto expire, so you don't wait indefinitely for a full batch.
...
Linux, however, doesn't support batching, at least not in PF_PACKET sockets.

So perhaps the ideal would be to use select() to timeout on OSes whichsupport it (ie, Linux); batching on OSes which support that but notselect() on a socket (SunOS, Digital/Tru64, WinPcap, etc?), and send anupdate for every packet on those that support neither (are there any?).

Or is this overcomplicated and we should just send an update everypacket if the OS doesn't support batching?


Regards,

Richard


--
Richard van der Hoff <richardv@xxxxxxxxxxxxx>
Project Manager
Tel: +44 (0) 845 666 7778
http://www.mxtelecom.com

Prev by Date: Re: [Wireshark-dev] [Patch] Re: capture from a fifo
Next by Date: [Wireshark-dev] Please, can anyone help me with my problem calculating interarrival jitter?
Previous by thread: Re: [Wireshark-dev] [Patch] SCSI-OSD: reorder attributes page
Next by thread: [Wireshark-dev] Please, can anyone help me with my problem calculating interarrival jitter?
Index(es):
- Date
- Thread