guyharris
commented
2 months ago pcap_set_immediate_mode() causes PacketSetMinToCopy() to be called, at activate time, to set the min-to-copy to 0.
The NPF driver documentation says
On the other hand, it can be noticed that also the minimum amount of data that can be copied in a single call is extremely important. In presence of a large value for this variable, the kernel waits for the arrival of several packets before copying the data to the user. This guarantees a low number of system calls, i.e. low processor usage, which is a good setting for applications like sniffers. On the other side, a small value means that the kernel will copy the packets as soon as the application is ready to receive them. This is excellent for real time applications (like, for example, ARP redirectors or bridges) that need the better responsiveness from the kernel.
which seems to suggest that a small value will cause packets to be delivered as soon as they're received, which is what immediate mode means. If that's not sufficient to cause the NPF driver to wakeup userland as soon as a single packet arrives, whatever else is required needs to be done at activate time as well. If 0 isn't an appropriate "small value", it needs to use another value - 1?
yakamoz423
Describe the bug
In my test program, I opened a TAP adapter using pcap_create(), and pcap_set_timeout() to set timeout which should have no effect due to the following immediate mode, and pcap_set_immediate_mode(), then pcap_activate().
But when I use pcap_next_ex() to poll a received packet, there is still a timeout waitting in immediate mode. I expect it should return immediately, even if no packets are available.
When I set timeout to
-1which is not allowed in the document, the pcap_next_ex() become immediate. But the side effect is pcap_loop() thread takes too much CPU.I didn't mixed pcap_next_ex() and pcap_loop() in one program, just init two ways with same configuration.
Diagnostic information