Npcap: feature request: select function #993

Closed
gpotter2 opened this Issue Aug 29, 2017 · 4 comments

gpotter2 commented Aug 29, 2017

Hello all, @hsluoyz

Just asking if the famous select function could be added to npcap ?
This function would wait until a packet is available to read, and return. It would be callable with a pcap_open object.

We would definitely need it in our program: I tried to emulate its behavior by using a WaitForSingleObject trick or similar, but it seems that it conflicts with Npcap itself, so I couldn't implement it on our side...

I guess that by using something like PacketReceivePacket(p->adapter, p->Packet, TRUE), it wouldn't be too hard to achieve.

Would be really great to have it ! (and btw a great reason for switching to npcap)

Thanks a lot in advance !

Member

hsluoyz commented Aug 30, 2017

Hi @gpotter2 ,

The Windows alternative for select is just the WaitForSingleObject you mentioned. Why does it conflict with Npcap itself? I'm not very familiar with it, but does libpcap have a function for it like pcap_read_packet_block()? Because you know Npcap follows the latest libpcap API now. All exposed APIs should go through libpcap. Even if PacketReceivePacket can work out, it needs to be provided in libpcap.

gpotter2 commented Aug 30, 2017

For instance, I tried using (in Python)

handlers = [pcap_getevent(s.[stuff]) for s in sockets]
# s.stuff... is a pcap_open_live object
status = ctypes.windll.kernel32.WaitForMultipleObjects(len(sockets), (ctypes.c_int*len(handlers))(*handlers), ctypes.c_bool(False), int(timeout*1000))

This always returns WAIT_TIMEOUT (=0x00000102). Same using WaitForSingleObject (implementation is a bit different). Using INFINITE (=0xFFFFFFFF) never returns.

The question is why.

It seems that if one does two WaitFor... calls at the same time, this kind of bug can appear...

I think https://github.com/nmap/npcap/blob/2337a918ff9299526968842c58fe2afbb9c46db5/packetWin7/Dll/Packet32.cpp#L3145 or similar could be the reason for this :/

gpotter2 commented Aug 30, 2017

I also discovered that the previous example works if the buffer has many packets in it.

  • when it has only a few things in it, previous example fails
  • when it has a lot of stuff, it succeeds.

Could you try to show me a working example of what the doc says:
https://www.winpcap.org/docs/docs_40_2/html/group__wpcapfunc.html#g2c415e9192c7b18a81a02300ae6f2c02
I cannot make any that works :/

dmiller-nmap commented Sep 6, 2017

You can check out Nmap's implementation of a pcap_select function that does this in a cross-platform manner. It uses WaitForSingleObject on the event returned by the Npcap API function pcap_getevent.
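
The wait on pcap_getevent handles discussed in this thread, as an added Python/ctypes example (not part of the original comments and not Nmap's or Npcap's code). The names wait_for_capture and kernel32_wait and the sample handle values are hypothetical; handles are passed as pointer-sized values and the Win32 status codes are decoded explicitly.

```python
import ctypes

WAIT_OBJECT_0 = 0x00000000
WAIT_TIMEOUT = 0x00000102
WAIT_FAILED = 0xFFFFFFFF
INFINITE = 0xFFFFFFFF
MAXIMUM_WAIT_OBJECTS = 64  # WaitForMultipleObjects limit

# Constructed sample HANDLE values; the second does not fit in 32 bits.
SAMPLE_EVENTS = [0x1A4, 0x7FF800001C4]


def kernel32_wait(handles, count, timeout_ms):
    """Call the real WaitForMultipleObjects (Windows only)."""
    k32 = ctypes.WinDLL("kernel32", use_last_error=True)
    fn = k32.WaitForMultipleObjects
    fn.argtypes = [ctypes.c_uint32, ctypes.POINTER(ctypes.c_void_p),
                   ctypes.c_int, ctypes.c_uint32]
    fn.restype = ctypes.c_uint32  # DWORD, so WAIT_FAILED compares equal
    status = fn(count, handles, False, timeout_ms)
    if status == WAIT_FAILED:
        raise ctypes.WinError(ctypes.get_last_error())
    return status


def wait_for_capture(events, timeout=None, wait=kernel32_wait):
    """Return the index of the first signalled event, or None on timeout.

    events: HANDLE values as returned by pcap_getevent(), one per capture.
    timeout: seconds, or None to wait forever.
    wait: injectable so the decoding can be exercised off Windows.
    """
    if not 0 < len(events) <= MAXIMUM_WAIT_OBJECTS:
        raise ValueError("need between 1 and 64 event handles")
    # HANDLE is pointer-sized; a c_int array would truncate it on Win64.
    handles = (ctypes.c_void_p * len(events))(*events)
    timeout_ms = INFINITE if timeout is None else max(0, int(timeout * 1000))
    status = wait(handles, len(events), timeout_ms)
    if status == WAIT_TIMEOUT:
        return None
    if status == WAIT_FAILED:
        raise OSError("WaitForMultipleObjects failed")
    index = status - WAIT_OBJECT_0
    if 0 <= index < len(events):
        return index
    raise OSError("unexpected wait status 0x%08X" % status)
```

In WinPcap/Npcap the read event is tied to the driver's minimum-to-copy threshold (set with pcap_setmintocopy), so a capture whose kernel buffer holds only a few packets may not signal it before the wait times out.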

@gpotter2 gpotter2 closed this May 18, 2018
