Beefy Boxes and Bandwidth Generously Provided by pair Networks
Clear questions and runnable code
get the best and fastest answer

Net::Pcap Filters and alarm() [SOLVED]

by return0 (Acolyte)
on Apr 09, 2014 at 17:42 UTC ( #1081702=perlquestion: print w/replies, xml ) Need Help??
return0 has asked for the wisdom of the Perl Monks concerning the following question:

Hello again Monks! :) I have a dilemma with Net::Pcap filters. I need to listen on a *very* busy device for specific packets using Net::Pcap::setfilter/compile. (I loop over a few IP addresses and listen for about 5 seconds for each one)

If I do so, the packet handler in Net::Pcap::loop($pcap, -1, \&pcap_handler, ''); never runs (until it sees the specific packet (e.g. I induce one with ping in another terminal and it works)), so I cannot seem to use alarm()! I also cannot use the Net::Pcap TimeoutOnNext, because, the network device is so incredibly busy, that it would constantly be resetting the timer, or never reset from my filters.

Have any of you Monks ever done this? I have spent about 3 days testing in Perl, searching Google and this site and found lots of resources, but none that work for my strange situation.

Here is some code that works until a filter is placed onto $pcap, I just tried it:;displaytype=displaycode;node_id=805992;part=4

Say I set the filter "src net" the alarm times out, but Net::Pcap::breakloop can't be called because Net::Pcap::loop never returns making the program hang. (until in another terminal I ping!)

Thanks in advance, you guys are awesome! :D

Edit-Edit: I just found out this is a BUG: Supposedly fixed too..(in 2005) I am still testing stuff and update frequently :(

Replies are listed 'Best First'.
Re: Net::Pcap Filters and alarm()
by VinsWorldcom (Parson) on Apr 09, 2014 at 20:13 UTC
      OMG write my own loop function! derp! why didn't i think of that?! :) Thank you, I will post back if I have success tonight. I can always count on your advice, Monks. <3
      Thank you thank you thank you! :D I got it now. Instead of using the rabbit hole pcap_loop, I have my own sub routine that just goes through each packet that matches my pcap_filter. I kinda wish cpan were like wikipedia and we could contribute documentation! :S

      Thanks again!
Re: Net::Pcap Filters and alarm()
by oiskuu (Hermit) on Apr 09, 2014 at 18:18 UTC

    What happens if you pcap_close($pcap) in the alarm handler?

      Alarm handler never gets called. I put a print statement there to notify me :(
      if the timeout is reached before i ping in another terminal, the Net::Pcap::loop returns and executes the alarm() handler before continuing the process the packet! what?!
        Nice to see it's not just me, that's got a packet to his head. Why stick to Net::Pcap if it's broken? What did you use instead?

Log In?

What's my password?
Create A New User
Node Status?
node history
Node Type: perlquestion [id://1081702]
Front-paged by Corion
and the daffodils sway...

How do I use this? | Other CB clients
Other Users?
Others musing on the Monastery: (8)
As of 2017-10-21 14:05 GMT
Find Nodes?
    Voting Booth?
    My fridge is mostly full of:

    Results (270 votes). Check out past polls.