[Winpcap-users] How to receive extended statistics from pcap_stats_ex

Mark Bednarczyk voytechs at yahoo.com
Tue Aug 7 18:40:06 GMT 2007 

 

> -----Original Message-----
> From: Guy Harris [mailto:guy at alum.mit.edu] 
...
> > I really need to understand this thoroughly before I can 
> put this call 
> > into my java API. Can someone explain to me when the extended 
> > information becomes available
> 
> It becomes available if you're running on MS-DOS.
> 
> Windows - even Windows 9x - is *not* MS-DOS in this context.

That is what I thought about the large extended structure. The
#ifdef MSDOS kind of gave it away, but that was an impressive
amount of information in it.

> 
> pcap_stats_ex() was added to libpcap by Gisle Vanem when he 
> added MS-DOS support.  It's MS-DOS-only; not only is it not 
> supported in libpcap on Windows (which is called "WinPcap"), 
> it's not supported in libpcap on any of the UN*X platforms 
> libpcap supports, either.

Yes I saw that it was only in WinPcap. That method is going
into WinPcap extension, which is not portable.

> 
> In any case, for the WinPcap version of pcap_stat_ex(), the 
> structure is documented in
> 
> 	http://www.winpcap.org/docs/docs_41b/html/structpcap__stat.html
> 
> and has only one extra field - bs_capt, which is the "number 
> of packets that are accepted by the filter, that find place 
> in the kernel buffer and therefore that actually reach the 
> application."

This is the part I was not clear about. The documentation only lists 
4 fields, while the actual structure if you define HAVE_REMOTE macro
is 6 fields. The length of the structure as returned by WinPcap's
pcap_stat_ex returns 24 bytes, in my test-rig, which
indicates 6 x 4byte fields or the entire 6 u_int structure.

I haven't build jNetPcap under linux yet, my CPU died,
but I expect that none of these WinPcap calls to be in the
code for unix build targets, as per description below about
WinPcap extension.

> Given that the jNetPcap site speaks of it as multi-platform, 
> note that you would have to return a "not supported" error 
> for pcap_stat_ex() on UN*X.

I've broken the API into 2 java packages, the base org.jnetpcap 
which is platform independent, only standard libpcap calls, and 
org.jnetpcap.winpcap which is windows specific. Before you use 
WinPcap extensions you have to do a call to WinPcap.isSupported 
which will tell you if the extension is available on the current 
platform. If not and you make a call using one of the WinPcap 
extensions, you will get a nasty OperationUnsupportedException. 

Latest docs with WinPcap extension covered:
http://jnetpcap.sf.net/docs/jnetpcap-1.0b3-javadoc/index.html

I'm truly tring to port all of the libpcap functionality into 
java world. Everything I've tried before in java obscures 
most of the functionality by layering it heavily with OOP 
constructs, which unfortunately hides most of the goodies 
of libpcap.

Cheers,
mark...
http://jnetpcap.sf.net

More information about the Winpcap-users mailing list