pcap_loop 和 pcap_dispatch 之间到底有什么区别?
问问题
10760 次
1 回答
22
该手册对这一点的描述非常好(我是板着脸说,保证)。来自man pcap_loop:
pcap_loop() processes packets from a live capture or ``savefile''
until cnt packets are processed, the end of the ``savefile'' is
reached when reading from a ``savefile'', pcap_breakloop() is called,
or an error occurs. It does not return when live read timeouts
occur. A value of -1 or 0 for cnt is equivalent to infinity, so that
packets are processed until another ending condition occurs.
pcap_dispatch() processes packets from a live capture or ``savefile''
until cnt packets are processed, the end of the current bufferful of
packets is reached when doing a live capture, the end of the ``save‐
file'' is reached when reading from a ``savefile'', pcap_breakloop()
is called, or an error occurs. Thus, when doing a live capture, cnt
is the maximum number of packets to process before returning, but is
not a minimum number; when reading a live capture, only one bufferful
of packets is read at a time, so fewer than cnt packets may be pro‐
cessed. A value of -1 or 0 for cnt causes all the packets received in
one buffer to be processed when reading a live capture, and causes
all the packets in the file to be processed when reading a ``save‐
file''.
这有点像文字墙,所以让我们分解一下。
两个功能:
- 处理来自实时捕获或“保存文件”的数据包,直到出现以下任何情况:
- 达到指定的计数
- 到达“保存文件”的末尾
- pcap_breakloop() 被调用
- 发生错误
- 考虑 -1 或 0 本质上意味着“处理无限数量的数据包” - 也就是说,直到另一个结束条件发生。(推荐使用-1,以便与旧版本互操作,稍后在手册中)
pcap_dispatch() 单独
- 在进行实时捕获时,在达到当前缓冲的数据包结束后也返回(换句话说,可以更频繁地返回,因为指定的计数不是最小值)
于 2011-02-09T08:11:31.653 回答