Wireshark-dev: Re: [Wireshark-dev] Triggers
From: "Luis EG Ontanon" <[email protected]>
Date: Fri, 11 Apr 2008 01:17:24 +0200
On Thu, Apr 10, 2008 at 11:03 PM, Guy Harris <[email protected]> wrote:
> Luis EG Ontanon wrote:
>  >  I did not notice the load-peak while playing with it but I believe I
>  >  should have felt it in my very slow PPC mac...  do pcap_dispatch works
>  >  differently in linux and bsds? (Guy?)
>  The main difference is that Linux, unless you're using the memory-mapped
>  capture mechanism (supported by the under-development libpcap 1.0), you
>  get one packet per recvfrom() call, while in OS X and *BSD, BPF will
>  buffer up packets until the buffer fills up or the timeout expires, so
>  you can get multiple packets per read().
Which makes me wonder:

Can we get the autoconf script to understand if we can get multiple or
single packets per read given the fact that we cannot dare
pcap_open_live() in them?


Is it better to use select() in all unix platforms?


This information is top security. When you have read it, destroy yourself.
-- Marshall McLuhan