Name
pcap_dispatch — Prototype: int pcap_dispatch(pcap_t *p, int cnt, pcap_handler callback, u_char
*user)
Synopsis
Purpose: pcap_dispatch
captures and processes
packets while observing read timeouts specified in
pcap_open_live
. The cnt
parameter specifies the maximum number of packets that are to be
processed. When reading from a live capture, 0
up
to cnt
packets can be processed depending on the
status of the buffer. A cnt
value of
-1
processes all packets in the buffer or the
entire file, if used on a saved file. The function specified by
callback
is the name of a function of the
prototype void callback (u_char *user, const struct pcap_pkthdr *header, const u_char* packet)
. This function
is called for each packet. The user
parameter is a
user-specifiable value that is passed to the callback function when
it is invoked, and can be NULL
. The function
returns the number of packets processed if successful.
0
is returned if no packets were read (due to a
read timeout, or if in nonblocking mode and no packets were available
to be read), -1
if an error occurred, or
-2
if a call to pcap_breakloop
was made before any packets were captured. If an error has occurred,
you can use pcap_perror( )
or
pcap_geterr( )
to obtain the error message. Note
that because of the way pcap_dispatch
behaves with
different platforms, it might not necessarily return immediately
after a read timeout.
Get Network Security Tools now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.