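networking - Difference between pcap_loop and pcap_dispatch

Tags: networking wireshark libpcap packet-sniffers sniffing

What exactly is the difference between pcap_loop and pcap_dispatch?

Best answer

The man page describes this quite well (I say that with a straight face, I promise). From man pcap_loop: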

   pcap_loop() processes packets from a  live  capture  or  ``savefile''
   until  cnt  packets  are  processed,  the  end of the ``savefile'' is
   reached when reading from a ``savefile'', pcap_breakloop() is called,
   or  an  error  occurs.   It  does  not return when live read timeouts
   occur.  A value of -1 or 0 for cnt is equivalent to infinity, so that
   packets are processed until another ending condition occurs.

   pcap_dispatch() processes packets from a live capture or ``savefile''
   until cnt packets are processed, the end of the current bufferful  of
   packets  is reached when doing a live capture, the end of the ``save‐
   file'' is reached when reading from a ``savefile'',  pcap_breakloop()
   is  called, or an error occurs.  Thus, when doing a live capture, cnt
   is the maximum number of packets to process before returning, but  is
   not a minimum number; when reading a live capture, only one bufferful
   of packets is read at a time, so fewer than cnt packets may  be  pro‐
   cessed. A value of -1 or 0 for cnt causes all the packets received in
   one buffer to be processed when reading a live  capture,  and  causes
   all  the  packets  in the file to be processed when reading a ``save‐
   file''.

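I know you don't really want to read and understand all of that, so let's break it down.

Both functions:
  • Process packets from a live capture or "savefile" until any of the following occurs:
      • the specified count is reached
      • the end of the "savefile" is reached
      • pcap_breakloop() is called
      • an error occurs
  • Treat -1 or 0 as essentially meaning "process an infinite number of packets", that is, until another ending condition occurs. (-1 is recommended for interoperability with older versions, as noted later in the manual.)

pcap_dispatch() alone:
  • When doing a live capture, also returns after the end of the current bufferful of packets is reached (in other words, it may return more often, because the specified count is not a minimum)

A similar question on Stack Overflow: https://stackoverflow.com/questions/4917056/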
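To make the difference concrete, here is an added example that is not part of the original answer and is not libpcap code: a small C model of a live capture in which each read delivers one bufferful of packets. The names (model_src, model_dispatch, model_loop, seen_by) and the sample data are hypothetical, and carrying unprocessed packets over to the next call is an assumption of the model.

```c
#include <stdio.h>

/* Simplified model of a live capture, NOT libpcap code; all names are
 * hypothetical. Each entry is the packet count one buffer read delivers;
 * 0 models a read timeout that delivered nothing. */
struct model_src { const int *reads; int n, next, pending; };
static const int SAMPLE[] = {3, 0, 4, 2};   /* constructed sample data */

static void count_packet(int *seen) { (*seen)++; }

/* pcap_dispatch()-like: reads at most one bufferful, so cnt is only an
 * upper bound. Returns the number of packets processed (0 on a timeout). */
int model_dispatch(struct model_src *s, int cnt, void (*cb)(int *), int *user)
{
    int done = 0;
    if (s->pending == 0 && s->next < s->n)
        s->pending = s->reads[s->next++];
    for (; s->pending > 0 && (cnt <= 0 || done < cnt); s->pending--, done++)
        cb(user);
    return done;
}

/* pcap_loop()-like: keeps reading across bufferfuls and timeouts until cnt
 * packets have been processed; returns 0 once cnt is exhausted. */
int model_loop(struct model_src *s, int cnt, void (*cb)(int *), int *user)
{
    int left = cnt;
    while (s->pending > 0 || s->next < s->n) {
        int n = model_dispatch(s, left, cb, user);
        if (cnt > 0 && (left -= n) <= 0)
            return 0;
    }
    return 0;   /* model ran dry; a real live capture would keep waiting */
}

/* Packets the callback saw after ONE call to the chosen function. */
int seen_by(int use_loop, int cnt)
{
    struct model_src s = {SAMPLE, 4, 0, 0};
    int seen = 0;
    if (use_loop) model_loop(&s, cnt, count_packet, &seen);
    else          model_dispatch(&s, cnt, count_packet, &seen);
    return seen;
}

int main(void)
{
    printf("cnt=5: dispatch saw %d, loop saw %d\n", seen_by(0, 5), seen_by(1, 5));
    return 0;
}
```

With cnt set to 5, the dispatch-style call stops after the first bufferful, while the loop-style call rides through the timeout and returns only once five packets have been handled.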
