Forum Topic - strange behavior of using pcap.h: Page 3 of 4 (82 Items)
   
Re: RE: strange behavior of using pcap.h  
> Should I sreach my QNX nto machine or development machine. In which file 
> should I exactly search
> 
> Regards,
> Mohammad


If you mean source code then take a look the source tree: trunk/sys/current_time.c or tags/GA/6.4.0/sys...
if you mean binary, I refer io-pkt-v4. On you development machine, ntox86-objdump -d $QNX_TARGET/x86/sbin/io-pkt-v4 to 
find <mtime>:    If you can do this on your nto machine(target?) it would be better.
Re: RE: strange behavior of using pcap.h  
What software can open the file so I can edit it.
Thanks
Mohammad
Re: RE: strange behavior of using pcap.h  
I am using xvi32 to open the file it finds one mtime but the codes around it is completely different than what you 
mentioned above. I attached the file. Could you please modify this and send it for me.

Regards,
Mohammad
Attachment: Text io-pkt-v4 575.02 KB
Re: RE: strange behavior of using pcap.h  
there are two more similar files

io-pkt-v4-hc
io-pkt-v6-hc

I could not find below in these files

                 0805ca45 <mtime>:
 805ca45:       55                      push   %ebp
 805ca46:       89 e5                   mov    %esp,%ebp
 805ca48:       83 ec 28                sub    $0x28,%esp
 805ca4b:       89 5d f4                mov    %ebx,-0xc(%ebp)
 805ca4e:       89 75 f8                mov    %esi,-0x8(%ebp)
 805ca51:       89 7d fc                mov    %edi,-0x4(%ebp)
 805ca54:       89 cf                   mov    %ecx,%edi
 805ca56:       85 d2                   test   %edx,%edx
 805ca58:       0f 94 c0                sete   %al
 805ca5b:       0f b6 c0                movzbl %al,%eax
 805ca5e:       89 04 24                mov    %eax,(%esp)
 805ca61:       e8 a0 fe ff ff          call   805c906 <currtime_nto>
 805ca66:       89 c3                   mov    %eax,%ebx
 805ca68:       81 e3 00 00 80 ff       and    $0xff800000,%ebx
 805ca6e:       89 d6                   mov    %edx,%esi
 805ca70:       8b 15 4c 63 0c 08       mov    0x80c634c,%edx
 805ca76:       31 f2                   xor    %esi,%edx
 805ca78:       a1 48 63 0c 08          mov    0x80c6348,%eax
 805ca7d:       31 d8                   xor    %ebx,%eax
 805ca7f:       09 c2                   or     %eax,%edx
 805ca81:       74 6a                   je     805caed <mtime+0xa8>
0805ca45 <mtime>:
 805ca45:       55                      push   %ebp
 805ca46:       89 e5                   mov    %esp,%ebp
 805ca48:       83 ec 28                sub    $0x28,%esp
 805ca4b:       89 5d f4                mov    %ebx,-0xc(%ebp)
 805ca4e:       89 75 f8                mov    %esi,-0x8(%ebp)
 805ca51:       89 7d fc                mov    %edi,-0x4(%ebp)
 805ca54:       89 cf                   mov    %ecx,%edi
 805ca56:       85 d2                   test   %edx,%edx
 805ca58:       0f 94 c0                sete   %al
 805ca5b:       0f b6 c0                movzbl %al,%eax
 805ca5e:       89 04 24                mov    %eax,(%esp)
 805ca61:       e8 a0 fe ff ff          call   805c906 <currtime_nto>
 805ca66:       89 c3                   mov    %eax,%ebx
 805ca68:       81 e3 00 00 80 ff       and    $0xff800000,%ebx
 805ca6e:       89 d6                   mov    %edx,%esi
 805ca70:       8b 15 4c 63 0c 08       mov    0x80c634c,%edx
 805ca76:       31 f2                   xor    %esi,%edx
 805ca78:       a1 48 63 0c 08          mov    0x80c6348,%eax
 805ca7d:       31 d8                   xor    %ebx,%eax
 805ca7f:       09 c2                   or     %eax,%edx
 805ca81:       74 6a                   je     805caed <mtime+0xa8>
Re: RE: strange behavior of using pcap.h  
it is hacked then run this on your qnx target.
run "pidin arg|grep io-pkt*" on your target find which io-pkt you are using and make sure you are replace it with this 
io-pkt-v4 not others.
keep a copy!

Attachment: Text io-pkt-v4 575.02 KB
Re: RE: strange behavior of using pcap.h  
when I run pidin arg|grep io-pkt* it responses

114708  io-pkt-v4-hc -ptcpip
1220648 io-pkt*


now am I using io-pkt-v4-hc?
if yes, should I replace hacked version (io-pkt-v4) with (io-pkt-v4-hc) or with io-pkt-hc

or should we hack io-pkt-v4-hc



Regards,
Mohammad 


Attachment: Text io-pkt-v4-hc 998.1 KB
Re: RE: strange behavior of using pcap.h  
I learned how to hack io-pkt-v4-hc now the accuracy is 1msec, I am getting 8 packets per 1 msec

How can I reduce that to 100usec or less

Thanks,
Mohammad


Re: RE: strange behavior of using pcap.h  
I would like to get packets one by one. What should I do?

Mohammad
Re: RE: strange behavior of using pcap.h  
> I would like to get packets one by one. What should I do?
> 
> Mohammad


take a look at source of pcap_open_live, in pcap_open_live there is code for AIX how to call 	if (ioctl(p->fd, 
BIOCIMMEDIATE, &v) < 0) {
		snprintf(ebuf, PCAP_ERRBUF_SIZE, "BIOCIMMEDIATE: %s",
		    pcap_strerror(errno));
		goto bad;
	}
you need to find out how to get fd.

another way probably you are ok now: still hack io-pkt-v4-hc, 
	if (d->bd_immediate || d->bd_state == BPF_TIMED_OUT)
		/*
		 * Immediate mode is set, or the read timeout has
		 * already expired during a select call.  A packet
		 * arrived, so the reader should be woken up.
		 */
		bpf_wakeup(d);
}

disassembly io-pkt-v4-hc's catchpacket, change d->bd_immediate to 1 then you will always get packet one by one.
default it won't be set in pcap_open_alive as it is fox AIX.

/*
 * Move the packet data from interface memory (pkt) into the
 * store buffer.  Return 1 if it's time to wakeup a listener (buffer full),
 * otherwise 0.  "copy" is the routine called to do the actual data
 * transfer.  memcpy is passed in to copy contiguous chunks, while
 * bpf_mcpy is passed in to copy mbuf chains.  In the latter case,
 * pkt is really an mbuf.
 */
static void
catchpacket(struct bpf_d *d, u_char *pkt, u_int pktlen, u_int snaplen,
	    void *(*cpfn)(void *, const void *, size_t), struct timeval *tv)
{
	struct bpf_hdr *hp;
	int totlen, curlen;
	int hdrlen = d->bd_bif->bif_hdrlen;

	++d->bd_ccount;
	++bpf_gstats.bs_capt;
	/*
	 * Figure out how many bytes to move.  If the packet is
	 * greater or equal to the snapshot length, transfer that
	 * much.  Otherwise, transfer the whole packet (unless
	 * we hit the buffer size limit).
	 */
	totlen = hdrlen + min(snaplen, pktlen);
	if (totlen > d->bd_bufsize)
		totlen = d->bd_bufsize;

	/*
	 * Round up the end of the previous packet to the next longword.
	 */
	curlen = BPF_WORDALIGN(d->bd_slen);
	if (curlen + totlen > d->bd_bufsize) {
		/*
		 * This packet will overflow the storage buffer.
		 * Rotate the buffers if we can, then wakeup any
		 * pending reads.
		 */
		if (d->bd_fbuf == 0) {
			/*
			 * We haven't completed the previous read yet,
			 * so drop the packet.
			 */
			++d->bd_dcount;
			++bpf_gstats.bs_drop;
			return;
		}
		ROTATE_BUFFERS(d);
		bpf_wakeup(d);
		curlen = 0;
	}

	/*
	 * Append the bpf header.
	 */
	hp = (struct bpf_hdr *)(d->bd_sbuf + curlen);
	hp->bh_tstamp = *tv;
	hp->bh_datalen = pktlen;
	hp->bh_hdrlen = hdrlen;
	/*
	 * Copy the packet data into the store buffer and update its length.
	 */
	(*cpfn)((u_char *)hp + hdrlen, pkt, (hp->bh_caplen = totlen - hdrlen));
	d->bd_slen = curlen + totlen;

	/*
	 * Call bpf_wakeup after bd_slen has been updated so that kevent(2)
	 * will cause filt_bpfread() to be called with it adjusted.
	 */
	if (d->bd_immediate || d->bd_state == BPF_TIMED_OUT)
		/*
		 * Immediate mode is set, or the read timeout has
		 * already expired during a select call.  A packet
		 * arrived, so the reader should be woken up.
		 */
		bpf_wakeup(d);
}


I suggest you read source as it is not difficult. that is why open source is popular and we publish source code.
Re: RE: strange behavior of using pcap.h  
So the easiest way is to disassemble io-pkt-v4-hc's catchpacket, change d->bd_immediate to 1 then I will always get 
packet one by one.

How can I disassemble  io-pkt-v4-hc. Is there any software which can do the job for me.

I am attaching my io-pkt-v4-hc. Could you do me a favor and change d->bd_immediate to 1. I think after this I am done 
and I can verify QNX for may application.

Regards
Mohammad
Attachment: Text io-pkt-v4-hc 998.1 KB
Re: RE: strange behavior of using pcap.h  
On Fri, Jul 31, 2009 at 10:01:17AM -0400, Yao Zhao wrote:
> > I would like to get packets one by one. What should I do?
> > 
> > Mohammad
> 
> 
> take a look at source of pcap_open_live, in pcap_open_live there is code for AIX how to call 	if (ioctl(p->fd, 
BIOCIMMEDIATE, &v) < 0) {
> 		snprintf(ebuf, PCAP_ERRBUF_SIZE, "BIOCIMMEDIATE: %s",
> 		    pcap_strerror(errno));
> 		goto bad;
> 	}
> you need to find out how to get fd.
> 
> another way probably you are ok now: still hack io-pkt-v4-hc, 
> 	if (d->bd_immediate || d->bd_state == BPF_TIMED_OUT)
> 		/*
> 		 * Immediate mode is set, or the read timeout has
> 		 * already expired during a select call.  A packet
> 		 * arrived, so the reader should be woken up.
> 		 */
> 		bpf_wakeup(d);
> }
> 
> disassembly io-pkt-v4-hc's catchpacket, change d->bd_immediate to 1 then you will always get packet one by one.
> default it won't be set in pcap_open_alive as it is fox AIX.

You can get the fd with pcap_fileno(), but I'm not convinced
anymore that he want's to get packets one at a time.  I think
he's worried about the timestamp...

-seanb
Re: strange behavior of using pcap.h  
> I would like to get packets one by one. What should I do?
>
> Mohammad
>
>
>
> _______________________________________________
>
>
>   
Sean sent you a libpcap.a that lets you enable immediate mode.  That 
should be all you need.

Murf
Re: strange behavior of using pcap.h  
On Fri, Jul 31, 2009 at 10:12:06AM -0400, John Murphy wrote:
> 
> > I would like to get packets one by one. What should I do?
> >
> > Mohammad
> >
> >
> >
> > _______________________________________________
> >
> >
> >   
> Sean sent you a libpcap.a that lets you enable immediate mode.  That 
> should be all you need.
> 

I think that's the confusion in this thread.  I think Mohammad's
under the impression that the timestamp in the packet is when
he's actually getting it.  I'm not convinced anyore that the wait
on the read() is the concern.  If the timestamp on the packet
is the primary sticking point the attached diff will get the
resolution of the system clock which by default is 1ms.  The
system clock can then be changed with ClockPeriod() but I suspect
32us will be too much overhead.

Regards,

-seanb
Attachment: Text diff 409 bytes
Re: strange behavior of using pcap.h  
In this case I have to recompile io-pkt, am I write, I am not familiar with this procedure, any way to hack io-pkt-v4-hc


why this is not optional in QNX, so user can determine what they want.


Regards,
Mohammad 
Re: strange behavior of using pcap.h  
> 
> > I would like to get packets one by one. What should I do?
> >
> > Mohammad
> >
> >
> >
> > _______________________________________________
> >
> >
> >   
> Sean sent you a libpcap.a that lets you enable immediate mode.  That 
> should be all you need.
> 
> Murf


I did that, didn't work, even when I reboot my target machine it can  not connect to net anymore.

Mohammad 
Re: strange behavior of using pcap.h  
> > 
> > > I would like to get packets one by one. What should I do?
> > >
> > > Mohammad
> > >
> > >
> > >
> > > _______________________________________________
> > >
> > >
> > >   
> > Sean sent you a libpcap.a that lets you enable immediate mode.  That 
> > should be all you need.
> > 
> > Murf
> 
> 
> I did that, didn't work, even when I reboot my target machine it can  not 
> connect to net anymore.
> 
> Mohammad 


Don't panic.
give me your source code(to make sure I can compile) and I can finish all for you. that will save all of us time.
RE: strange behavior of using pcap.h  

> -----Original Message-----
> From: Yao Zhao [mailto:community-noreply@qnx.com]
> Sent: Friday, July 31, 2009 11:19 AM
> To: ionetmig-networking
> Subject: Re: strange behavior of using pcap.h
> 
> > >
> > > > I would like to get packets one by one. What should I do?
> > > >
> > > > Mohammad
> > > >
> > > >
> > > >
> > > > _______________________________________________
> > > >
> > > >
> > > >
> > > Sean sent you a libpcap.a that lets you enable immediate mode.
> That
> > > should be all you need.
> > >
> > > Murf
> >
> >
> > I did that, didn't work, even when I reboot my target machine it can
> not
> > connect to net anymore.
> >
> > Mohammad
> 
> 
> Don't panic.
> give me your source code(to make sure I can compile) and I can finish
> all for you. that will save all of us time.

I also have some source code that need fixing, can I send it to you?

> 
> 
> 
> _______________________________________________
> 
> io-net migration
> http://community.qnx.com/sf/go/post35055
> 
Re: RE: strange behavior of using pcap.h  
I just installed QNX few days ago and I have not changed anything, I think the source is untouched and available in the 
QNX website. Am I right?

Thanks alot,
Mohammad
Re: strange behavior of using pcap.h  
> > > 
> > > > I would like to get packets one by one. What should I do?
> > > >
> > > > Mohammad
> > > >
> > > >
> > > >
> > > > _______________________________________________
> > > >
> > > >
> > > >   
> > > Sean sent you a libpcap.a that lets you enable immediate mode.  That 
> > > should be all you need.
> > > 
> > > Murf
> > 
> > 
> > I did that, didn't work, even when I reboot my target machine it can  not 
> > connect to net anymore.
> > 
> > Mohammad 
> 
> 
> Don't panic.
> give me your source code(to make sure I can compile) and I can finish all for 
> you. that will save all of us time.


Source code of packet capturing, it is attached. 
Attachment: Text newPacketcap.zip 132.6 KB
Re: strange behavior of using pcap.h  
Mohammad Dadashzadeh wrote:
>>> I would like to get packets one by one. What should I do?
>>>
>>> Mohammad
>>>
>>>
>>>
>>> _______________________________________________
>>>
>>>
>>>   
>>>       
>> Sean sent you a libpcap.a that lets you enable immediate mode.  That 
>> should be all you need.
>>
>> Murf
>>     
>
>
> I did that, didn't work, even when I reboot my target machine it can  not connect to net anymore.
>
> Mohammad 
>   
I compiled the code you published on this thread and linked it with 
Sean's libpcap and it worked fine.  I don't think we understand what you 
mean by "not working".

Murf
Re: strange behavior of using pcap.h  
> Mohammad Dadashzadeh wrote:
> >>> I would like to get packets one by one. What should I do?
> >>>
> >>> Mohammad
> >>>
> >>>
> >>>
> >>> _______________________________________________
> >>>
> >>>
> >>>   
> >>>       
> >> Sean sent you a libpcap.a that lets you enable immediate mode.  That 
> >> should be all you need.
> >>
> >> Murf
> >>     
> >
> >
> > I did that, didn't work, even when I reboot my target machine it can  not 
> connect to net anymore.
> >
> > Mohammad 
> >   
> I compiled the code you published on this thread and linked it with 
> Sean's libpcap and it worked fine.  I don't think we understand what you 
> mean by "not working".
> 
> Murf


I replaced linpcap.a which Sean sent with all libpcap.a files in my development and target machine. I recompiled and 
built the project yet I am getting 8 packets every 1 ms while the packets are transmitted two every 250 usec.

Regards,
Mohammad
Re: strange behavior of using pcap.h  
> > Mohammad Dadashzadeh wrote:
> > >>> I would like to get packets one by one. What should I do?
> > >>>
> > >>> Mohammad
> > >>>
> > >>>
> > >>>
> > >>> _______________________________________________
> > >>>
> > >>>
> > >>>   
> > >>>       
> > >> Sean sent you a libpcap.a that lets you enable immediate mode.  That 
> > >> should be all you need.
> > >>
> > >> Murf
> > >>     
> > >
> > >
> > > I did that, didn't work, even when I reboot my target machine it can  not 
> 
> > connect to net anymore.
> > >
> > > Mohammad 
> > >   
> > I compiled the code you published on this thread and linked it with 
> > Sean's libpcap and it worked fine.  I don't think we understand what you 
> > mean by "not working".
> > 
> > Murf
> 
> 
> I replaced linpcap.a which Sean sent with all libpcap.a files in my 
> development and target machine. I recompiled and built the project yet I am 
> getting 8 packets every 1 ms while the packets are transmitted two every 250 
> usec.
> 
> Regards,
> Mohammad


this is part of captured packets, compared to the packets shown in the first post I am getting 1 msec resolution. If I 
use Wireshark, it captures two packets almost every 250 msec.

Thanks
Mohammad


11:35:29,160460 len:121
11:35:29,160460 len:121
11:35:29,160460 len:121
11:35:29,160460 len:121
11:35:29,160460 len:121
11:35:29,160460 len:121
11:35:29,160460 len:121
11:35:29,160460 len:121
11:35:29,161459 len:121
11:35:29,161459 len:121
11:35:29,161459 len:121
11:35:29,161459 len:121
11:35:29,161459 len:121
11:35:29,161459 len:121
11:35:29,161459 len:121
11:35:29,161459 len:121
11:35:29,161459 len:121
11:35:29,161459 len:121
11:35:29,161459 len:121
11:35:29,161459 len:121
11:35:29,161459 len:121
11:35:29,161459 len:121
11:35:29,162460 len:121
11:35:29,162460 len:121
11:35:29,162460 len:121
11:35:29,162460 len:121
11:35:29,162460 len:121
11:35:29,162460 len:121
11:35:29,162460 len:121
11:35:29,162460 len:121
11:35:29,162460 len:121
11:35:29,162460 len:121
11:35:29,162460 len:121
11:35:29,162460 len:121
11:35:29,162460 len:121
11:35:29,162460 len:121
11:35:29,163459 len:121
11:35:29,163459 len:121
11:35:29,163459 len:121
11:35:29,163459 len:121
11:35:29,163459 len:121
11:35:29,163459 len:121
11:35:29,163459 len:121
11:35:29,163459 len:121
11:35:29,163459 len:121
11:35:29,163459 len:121
11:35:29,163459 len:121
11:35:29,163459 len:121
11:35:29,163459 len:121
11:35:29,163459 len:121
11:35:29,164460 len:121
11:35:29,164460 len:121
11:35:29,164460 len:121
11:35:29,164460 len:121
Re: strange behavior of using pcap.h  
> > Mohammad Dadashzadeh wrote:
> > >>> I would like to get packets one by one. What should I do?
> > >>>
> > >>> Mohammad
> > >>>
> > >>>
> > >>>
> > >>> _______________________________________________
> > >>>
> > >>>
> > >>>   
> > >>>       
> > >> Sean sent you a libpcap.a that lets you enable immediate mode.  That 
> > >> should be all you need.
> > >>
> > >> Murf
> > >>     
> > >
> > >
> > > I did that, didn't work, even when I reboot my target machine it can  not 
> 
> > connect to net anymore.
> > >
> > > Mohammad 
> > >   
> > I compiled the code you published on this thread and linked it with 
> > Sean's libpcap and it worked fine.  I don't think we understand what you 
> > mean by "not working".
> > 
> > Murf
> 
> 
> I replaced linpcap.a which Sean sent with all libpcap.a files in my 
> development and target machine. I recompiled and built the project yet I am 
> getting 8 packets every 1 ms while the packets are transmitted two every 250 
> usec.
> 
> Regards,
> Mohammad


You don't need to replace libpcap.a on target, it is only needed when you linking. 
Post the io-pkt-v4-hc you modified here and output of your application, if you modified correctly it should be stamped 
with microsecond, not millisecond. 
in bpf_deliver it will only call microtime once in a packet loop so that is another guess.

Murf: can you get different timestamp for flood packets?
Re: strange behavior of using pcap.h  
> > > Mohammad Dadashzadeh wrote:
> > > >>> I would like to get packets one by one. What should I do?
> > > >>>
> > > >>> Mohammad
> > > >>>
> > > >>>
> > > >>>
> > > >>> _______________________________________________
> > > >>>
> > > >>>
> > > >>>   
> > > >>>       
> > > >> Sean sent you a libpcap.a that lets you enable immediate mode.  That 
> > > >> should be all you need.
> > > >>
> > > >> Murf
> > > >>     
> > > >
> > > >
> > > > I did that, didn't work, even when I reboot my target machine it can  
> not 
> > 
> > > connect to net anymore.
> > > >
> > > > Mohammad 
> > > >   
> > > I compiled the code you published on this thread and linked it with 
> > > Sean's libpcap and it worked fine.  I don't think we understand what you 
> > > mean by "not working".
> > > 
> > > Murf
> > 
> > 
> > I replaced linpcap.a which Sean sent with all libpcap.a files in my 
> > development and target machine. I recompiled and built the project yet I am 
> 
> > getting 8 packets every 1 ms while the packets are transmitted two every 250
>  
> > usec.
> > 
> > Regards,
> > Mohammad
> 
> 
> You don't need to replace libpcap.a on target, it is only needed when you 
> linking. 
> Post the io-pkt-v4-hc you modified here and output of your application, if you
>  modified correctly it should be stamped with microsecond, not millisecond. 
> in bpf_deliver it will only call microtime once in a packet loop so that is 
> another guess.
> 
> Murf: can you get different timestamp for flood packets?


I do not know how to change d->bd_immediate to 1 in io-pkt-v4-hc. I attached my io-pkt-v4-hc

Regards,
Mohammad

Attachment: Text io-pkt-v4-hc 998.1 KB
Re: strange behavior of using pcap.h  
Yao Zhao wrote:
>
> Murf: can you get different timestamp for flood packets?
>
>
>   
I get timestamps with the normal 8 us. resolution, as expected.  The 
changes that were suggested for mtime will produce ms., not us., 
resolution, since the hardware clock interrupts (approximately) once per 
millisecond.

Murf