linux - libpcap setfilter() function and packet loss -


this first question here @stackoverflow.

i'm writing monitoring tool voip production servers, particularly sniff tool allows capture traffic (voip calls) match given pattern using pcap library in perl.

i cannot use poor selective filters e.g. "udp" , filtering in app's code, because involve traffic , kernel wouldn't cope reporting packet loss.

what iteratively build more selective filter possible during capture. @ beginning capture (all) sip signalling traffic , ip fragments (the pattern match has done @ application level in case) when find information rtp sip packets, add 'or' clauses actual filter-string specific ip , port , re-set filter setfilter().

so this:

  1. initial filter : "(udp , port 5060) or (udp , ip[6:2] & 0x1fff != 0)" -> captures sip traffic , ip fragments

  2. updated filter : "(udp , port 5060) or (udp , ip[6:2] & 0x1fff != 0) or (host ip , port port)" -> captures rtp on specific ip,port

  3. updated filter : "(udp , port 5060) or (udp , ip[6:2] & 0x1fff != 0) or (host ip , port port) or (host ip2 , port port2)" -> captures second rtp stream well

and on.

this works quite well, i'm able 'real' packet loss of rtp streams monitoring purposes, whereas poor selective filter version of tool, rtp packet loss percentage wasn't reliable because there packets missing due packet drop kernel.

but let's drawback of approach.

calling setfilter() while capturing involves fact libpcap drops packets received "while changing filter" stated in code comments function set_kernel_filter() pcap-linux.c (checked libpcap version 0.9 , 1.1).

so happens when call setfilter() , packets arrive ip-fragmented, loose fragments, , not reported libpcap statistics @ end: spotted digging traces.

now, understand reason why action done libpcap, in case need not have packet drop (i don't care getting unrelated traffic).

would have idea on how solve problem not modifying libpcap's code?

what starting new process more specific filter. have 2 parallel pcap captures going @ once. after time (or checking both received same packets) stop original.


Comments

Post a Comment

Popular posts from this blog

asp.net - repeatedly call AddImageUrl(url) to assemble pdf document -

i'm using abcpdf , i'm curious if can recursively call addimageurl() function assemble pdf document compile multiple urls? something like: int pagecount = 0; int theid = thedoc.addimageurl("http://stackoverflow.com/search?q=abcpdf+footer+page+x+out+of+", true, 0, true); //assemble document while (thedoc.chainable(theid)) { thedoc.page = thedoc.addpage(); theid = thedoc.addimagetochain(theid); } pagecount = thedoc.pagecount; console.writeline("1 document page count:" + pagecount); //flatten document (int = 1; <= pagecount; i++) { thedoc.pagenumber = i; thedoc.flatten(); } //now try again theid = thedoc.addimageurl("http://stackoverflow.com/questions/1980890/pdf-report-generation", true, 0, true); //assemble document while (thedoc.chainable(theid)) { thedoc.page = thedoc.addpage(); theid = thedoc.addimagetoc
Read more

java - Android recognize cell phone with keyboard or not? -

in android app, want detect user's device if device has keyboard(like motorola milestone) , show corresponding user interface. guys know how that? ! regards justicepenny http://developer.android.com/reference/android/content/res/configuration.html public int keyboard the kind of keyboard attached device. 1 of: keyboard_nokeys, keyboard_qwerty, keyboard_12key. that's it!
Read more

iphone - How would you achieve a LED Scrolling effect? -

how achieve led scrolling effect example below? led sign - led ticker emulator iphone , ipad http://img.skitch.com/20101201-rsfh4p1bajb1wp94k466pdpiuj.preview.jpg sometimes remunerates comment in other posts :) have put code you, should implement font '8pin matrix' realistic feeling. uilabel *label; - (void)viewdidload { [super viewdidload]; label = [[uilabel alloc]initwithframe:cgrectmake(10, 50, 300, 20)]; label.font = [uifont fontwithname:@"courier-bold" size:16.0]; label.backgroundcolor = [uicolor blackcolor]; label.textcolor = [uicolor greencolor]; label.linebreakmode = uilinebreakmodecharacterwrap; // otherwise "…" label.text = @"this led text scrolled "; // blanks space between [self.view addsubview:label]; [nstimer scheduledtimerwithtimeinterval:0.12f target:self selector:@selector(scrolllabel) use
Read more