<div dir="ltr"><div><div>Hi,<br><br>Here's an update-<br><br></div>I compiled packet.lib and wpcap.lib myself, using Visual Studio 2008. I changed the Visual Studio option Runtime Library to Multi-threaded DLL (link flag /MD) for both solution files. Inspecting the dlls with Dependency Walker shows the dependency on MSVCR90.dll. Still, no luck. Running my test program I got the same result as before. I thought that this should have worked, perhaps I made a mistake along the way.<br>
<br></div>So, I decided I'd add the functions I needed to the wpcap dll. I added:<br><br>int pcap_fgetpos(pcap_t *p, fpos_t *pos)<br>{<br> return fgetpos(p->sf.rfile, pos);<br>}<br><br>int pcap_fsetpos(pcap_t *p, fpos_t *pos)<br>
{<br> return fsetpos(p->sf.rfile, pos);<br>}<br><div><br>
</div><div>If I use these functions from the wcap.dll then my program runs correctly. I can live with this for now.<br><br></div><div>It anyone has other ideas for implementing pcap file seeking, I'd be interested to know. Clemens' email suggested I look at Wireshark's wiretap library. I read that, and it appears to implement packet seeking, but the wiretap library may be a larger dependency then I can take on, and I'm not sure if the library is meant to be used by programs other than Wireshark.<br>
</div><div><br>Pat<br></div><div><br><br><br></div></div><div class="gmail_extra"><br><br><div class="gmail_quote">On Wed, Apr 24, 2013 at 3:49 AM, Guy Harris <span dir="ltr"><<a href="mailto:guy@alum.mit.edu" target="_blank">guy@alum.mit.edu</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div class="im"><br>
On Apr 23, 2013, at 4:11 AM, Pat Marion <<a href="mailto:pat.marion@kitware.com">pat.marion@kitware.com</a>> wrote:<br>
<br>
> Perhaps, as Guy suggests, I am making dangerous assumptions on the pcap file layout,<br>
<br>
</div>No, the pcap file layout isn't going to change.<br>
<br>
What you might be making is the dangerous assumption that every capture file opened by libpcap/WinPcap will be a pcap file (which is already not true for libpcap, starting with libpcap 1.1.0, and will eventually not be true for WinPcap, either), so *if* your program "knows" that there's a 24-byte header at the beginning of the file and that every record has a 16-byte header, its knowledge is potentially out-of-date.<br>
<br>
In addition, if you seek around in a pcap-ng file, you might end up reading blocks such as Interface Description Blocks twice; the current libpcap code assumes it's reading the file sequentially, and doesn't realize that it might have seen an IDB before, and might get confused. (I'll check whether it'd be confused by that.)<br>
<div class="im"><br>
> and my general strategy of using file seeking is one that I will have to ultimately abandon.<br>
><br>
> Anyway, the output values depend on the pcap file used for testing. An example output on macosx:<br>
><br>
> File position after pcap_fopen_offline: 24<br>
> File position after pcap_next_ex: 1288<br>
> Expected file position: 1288<br>
><br>
> While on Windows it prints:<br>
><br>
> File position after pcap_fopen_offline: 4096<br>
> File position after pcap_next_ex: 4096<br>
> Expected file position: 1288<br>
><br>
> My speculation is that file buffering is used by stdio,<br>
<br>
</div>That's true, by default, on all platforms.<br>
<div class="im"><br>
> and ftell called within the winpcap dll would report the correct file read position, but ftell called by my program returns the location at the end of the read buffer.<br>
<br>
</div>More precisely, ftell called by your program is making assumptions about the content of the FILE structure when calculating the read position that are not true about the FILE structure a pointer to which is returned by pcap_fopen_offline(), and, as a result of making that assumption, it's calculating an incorrect value that happens to be the location at the end of the read buffer.<br>
<div class="HOEnZb"><div class="h5">_______________________________________________<br>
Winpcap-users mailing list<br>
<a href="mailto:Winpcap-users@winpcap.org">Winpcap-users@winpcap.org</a><br>
<a href="https://www.winpcap.org/mailman/listinfo/winpcap-users" target="_blank">https://www.winpcap.org/mailman/listinfo/winpcap-users</a><br>
</div></div></blockquote></div><br></div>