Hello,
When browsing/reading about pcap_getevent(), I got the impression
that its intended use was roughly this (pseudo-code):
----------
cap = open_device(..);
hev = pcap_getevent(cap);
while(1) {
// block and wait for data to become available for reading
dw = WaitForMultipleObjects([hev]);
if(dw == FIRST_INDEX) {
// Enter a loop that calls pcap_next() until the buffer is empty
}
}
----------
I.e. pcap_getevent() returns an HANDLE to an event semaphore that is
"set" when there's data in the input buffer, and the application is
meant to block and wait for it.
However, I have written code which does (rougly) what the code above
does, but it never fires when packets arrive (I know I have the
interface names and all that correct).
So I went to the source code. In threadsignaltest.c example it
looks like the event semaphore is used in the "opposite" direction --
i.e. it is used to wake up pcap_next() et al.
And when I change the code to do that, it seems to work.
Posting this in case anyone else runs into this misconception.
--
Kind Regards,
Jan
_______________________________________________
Sent through the dev mailing list
https://nmap.org/mailman/listinfo/dev
Archived at https://seclists.org/nmap-dev/
