Wireshark-dev: Re: [Wireshark-dev] Problems with the newly modified and compiled wpcap.dll

From: Guy Harris <guy@xxxxxxxxxxxx>
Date: Thu, 4 Oct 2007 15:50:26 -0700

On Oct 3, 2007, at 11:40 PM, Varuna De Silva wrote:

Hello,

> > And when I press the start button, the program, Hangs up.

> Perhaps your xxx_read routine is blocked waiting for a 3968-byte buffer > full of data to arrive, even though some

> data has arrived? See my mail to tcpdump-workers on that.

I have not implemented it yet, before doing it I tried to enter some raw data to an u_char array and point to that just to make sure pointers and other stuff works together.

my xxx_read() file looks like this below
___________________________________________________________________

int muwis_read(pcap_t *p, int cnt, pcap_handler callback, u_char *user)

{
  int processed = 0;

u_char dispbuff[250] = {'\x20','\x41','\x56','\x25','\x30','\x23','\x34'};

	...

    do{

		...

        dp = &dispbuff[0]; /*pointer to the data*/

        /* Call the user supplied callback function */
        callback(user, &pcap_header, dp);

        processed++;

    }while(processed<cnt);

For your testing, you probably want to add a packet count variable, giving the number of packets that are in the dispbuff array, and then do

	do{

		...

	}while (processed < packet_count && (cnt == 0 || processed < cnt));

so that

1) you correctly handle a cnt argument of 0 (meaning "process all the packets in the buffer")

and

	2) you don't return more packets than are in the buffer.

In capture->interfaces list displays my device along with the others, but in the "packets" and "packets/s" column, for all the interfaces listed it shows some very high "unrealistic " values such as 277314 for packets and extremely high value for packets/s. > Have you implemented an xxx_stats routine that returns the correct packet counts?

I had not implemented it before,

So what did you set the "stats_op" member of the pcap_t to?

but now I have implemented in a similar way to septel_stat()
static int muwis_stats(pcap_t *p, struct pcap_stat *ps) {
  *ps = p->md.stat;

  return 0;
}
But then The problem has now got Worsen
Now when I select capture-> interfaces. The Program CRASHES :(

That's probably not due to the muwis_stats() routine.

" Couldnt set capture buffer size
Size 1MB seems to be too high for your machine
default is 1MB
Any way capture started. "


But now the packets could be seen. Is this comes with the
memory of my machine(256MB)  being low?

No, it comes with the Win32-only pcap_setbuff() routine not being set up to handle add-on capture interfaces such as yours. I'll have to look at how to fix that.