Wireshark-dev: Re: [Wireshark-dev] Problems with the newly modified and compiled wpcap.dll
From: "Varuna De Silva" <[email protected]>
Date: Thu, 4 Oct 2007 12:10:44 +0530

> > And when I press the start button, the program, Hangs up.

> Perhaps your xxx_read routine is blocked waiting for a 3968-byte buffer    > full of data to arrive, even though some
> data has arrived? See
my mail to tcpdump-workers on that.

I have not implemented it yet, before doing it I tried to enter some raw data to an u_char array
and point to that just to make sure pointers and other stuff works together.

my xxx_read() file looks like this below

int muwis_read(pcap_t *p, int cnt, pcap_handler callback, u_char *user)
  int processed = 0;
  u_char dispbuff[250] = {'\x20','\x41','\x56','\x25','\x30','\x23','\x34'};
    /* --------These are to get the time stamp--------*/
    __int64 freq, tStart, tStop;
    unsigned long Timeinus;
    // Get the frequency of the hi-res timer

    /*repeat until a packet is read
     *a NULL message means :
     * when no packet is in queue or all packets in queue already read

        unsigned short packet_len = 0;
        int caplen = 0;
        struct pcap_pkthdr   pcap_header; /* Appears in pcap.h */
        u_char *dp ; /*pointer to the pcap data*/
        /* Creation of the pcap header packet header */
        caplen = p->snapshot; /*portion of the packet inside */
        packet_len = 4;/*should be set*/
        if (caplen > packet_len) {

            caplen = packet_len;

        Timeinus = (unsigned long)((tStop * 1000000) / freq);

        /* Fill in our own header data */
            pcap_header.caplen = caplen;
            pcap_header.len = packet_len;
            pcap_header.ts.tv_sec= Timeinus/1000000;
            pcap_header.ts.tv_usec = Timeinus%1000000;

        /* Count the packet. */
        p->md.stat.ps_recv++ ;
        dp = &dispbuff[0]; /*pointer to the data*/
        /* Call the user supplied callback function */
        callback(user, &pcap_header, dp);



    return processed;

In capture->interfaces list displays my device along with the others,
but in the "packets" and "packets/s" column, for all the interfaces listed it shows some very high "unrealistic " values such as 277314 for packets
and extremely high value for packets/s.

> Have you implemented an xxx_stats routine that returns the correct packet counts?

I had not implemented it before, but now I have implemented in a similar way to septel_stat()
static int muwis_stats(pcap_t *p, struct pcap_stat *ps) {
  *ps = p->md.stat;
  return 0;
But then
The problem has now got Worsen
Now when I select capture-> interfaces. The Program CRASHES :(

Next I did something like below though it cant really be like this,

static int muwis_stats(pcap_t *p, struct pcap_stat *ps) {
    return 0;

Now as similar to the previous occasion, I get a high value for
packets and packets/s, just for one time and then I get this
error message appearing

" Couldnt set capture buffer size
Size 1MB seems to be too high for your machine
default is 1MB
Any way capture started. "

But now the packets could be seen. Is this comes with the
memory of my machine(256MB)  being low?

But surely there is a problem with my muwis_stats() function
Isnt it? Kindly correct me! and possibly with

*ps = p->md.stat;

I just passed the same message(Useless) but that is just to understand
the process.

Further I have not done anything regarding these two functions and
they appear as is in the pcap-septel.c, any specific additions I need
to do ?
static int muwis_setfilter(pcap_t *p, struct bpf_program *fp) {
    return (0);

static void muwis_platform_close(pcap_t *p) {

int muwis_setnonblock_fd(pcap_t *p, int nonblock, char *errbuf){
  return (0);

int muwis_getnonblock_fd(pcap_t *p, char *errbuf){
  return (0);

kindly let me know of any comments you have