[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [Libevent-users] how the difference of libevent version 1.4 and 2.0 influence libpcap events?



On Mon, Oct 12, 2015 at 2:06 PM, liu wen <caonimagongling@xxxxxxxxx> wrote:

I also register an TCP listening event on event_base( two events: on_accept and on_recv.)

then I run the program on host A and send packets from host B, meanwhile I use a tcpdump to capture packets on A Â(tcpdump -i eth0 Âport 8000 )
Â
For comparison, I have two laptops which acts as A, I tried the program (compile and then run) on these two laptops, one with Fedora (fedora release 18) and one with Ubuntu (Ubuntu 14.04.2 LTS)

on ubuntu events are invoked in the following orderÂ

on captureÂ
pcap_dispatch() returns 0
on captureÂ
pcap_dispatch() returns 0
on acceptÂ
on recvÂ

it is strange that theÂpcap_dispatch returns 0 twice. My expectation is that the when on_capture event is triggered,Âpcap_dispatch will catch TCP SYN packets before on_accept event is triggered. But I don't know why the on_capture events are invoked twice andÂpcap_dispatch()ÂÂreturns 0.

on Fedora, the program works as expected, theÂpcap_dispatch() can capture packets the first time it is invoked before on_accept event

I use ldd to check the libraries of this program on each laptop.

Fedora:
  Â$ldd relayÂ
linux-vdso.so.1 => Â(0x00007fff1d1ad000)
libevent-1.4.so.2 => /lib/libevent-1.4.so.2 (0x00007faca467d000)
libpcap.so.1 => /lib64/libpcap.so.1 (0x00000035b4a00000)
libc.so.6 => /lib64/libc.so.6 (0x00000035b0a00000)
libnsl.so.1 => /lib64/libnsl.so.1 (0x00000035cea00000)
librt.so.1 => /lib64/librt.so.1 (0x00000035b1a00000)
libresolv.so.2 => /lib64/libresolv.so.2 (0x00000035b2e00000)
/lib64/ld-linux-x86-64.so.2 (0x00000035b0200000)
libpthread.so.0 => /lib64/libpthread.so.0 (0x00000035b1600000)


ubuntu:

   $ ldd relayÂ
linux-vdso.so.1 => Â(0x00007ffd08bc5000)
libevent-2.0.so.5 => /usr/lib/x86_64-linux-gnu/libevent-2.0.so.5 (0x00007eff35f81000)
libpcap.so.0.8 => /usr/lib/x86_64-linux-gnu/libpcap.so.0.8 (0x00007eff35d43000)
libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007eff3597e000)
libpthread.so.0 => /lib/x86_64-linux-gnu/libpthread.so.0 (0x00007eff35760000)
/lib64/ld-linux-x86-64.so.2 (0x00007eff361c5000)


indeed, both libpcap and libevent versions are different.
what are potential problems for my program when it runs on ubuntu? how can fix the unexpected problems on ubuntu?
thank you!

There shouldn't be a difference, technically that is. 1.x differs greatly though in functionality, but is backwards compat with 1.x. A few years ago I did a 2.x conversion for some very old code:Âhttps://github.com/ellzey/trafan/blob/master/trafan.cÂwith pcap.

and *many* many years ago I did this which never moved out to 2.x, completely 1.0. But it still works with old/new pcap and libevent as seen here:Â

https://strcpy.net/mark/dns_stuff/dns-sla/dnsm.cÂ
https://strcpy.net/mark/dns_stuff/dns_spoof_watch/dns_spoof_watch.c


But mind you, pcap_dispatch with -1 means you may be processing a ton of packets, all of which call your pcap callback. ÂÂ