> I noticed that in modified pcap-linux.c, when there is no data we just
> return(0) and didn't use the callback functions :
>
> (*callback)(user, &h1, bp).
The callback routine is to be used to pass data to the callback routine;
if there's no data, you can't pass data to it, so you can't call it
back....
The loop for Ethereal when it's capturing packets does
while (gtk_events_pending()) gtk_main_iteration();
inpkts = pcap_dispatch(pch, 1, capture_pcap_cb, (u_char *) &ld);
which processes any GTK+ events (input, etc.) and then blocks waiting
for a packet to arrive or for the "libpcap" timeout to end.
"pcap_dispatch()" should be doing:
return (pcap_read(p, cnt, callback, user));
as this was opened with "pcap_open_live()"; the patched Linux
"pcap_read()" should be doing a "select()" with the timeout specified in
the "pcap_open_live()" call - if the timeout goes off, and there's
nothing to be read from the descriptor for the SOCK_PACKET socket,
"select()" should return 0, and "pcap_read()" should return.
"pcap_dispatch()" should then return, and Ethereal should update the
packet counts if it's been a second since the last update, should sync
out any new packets written - but there shouldn't be any, as the
"select()" would've timed out - and should then go back to the beginning
of the loop to do
while (gtk_events_pending()) gtk_main_iteration();
inpkts = pcap_dispatch(pch, 1, capture_pcap_cb, (u_char *) &ld);
again.
