pcap_loop和pcap_dispatch的區別

Question

pcap_loop和pcap_dispatch的區別究竟是什麼？

Answer 1

該手冊描述了這個驚人的好（我是說，一個直面，承諾）。從man pcap_loop：

pcap_loop() processes packets from a live capture or ``savefile'' 
    until cnt packets are processed, the end of the ``savefile'' is 
    reached when reading from a ``savefile'', pcap_breakloop() is called, 
    or an error occurs. It does not return when live read timeouts 
    occur. A value of -1 or 0 for cnt is equivalent to infinity, so that 
    packets are processed until another ending condition occurs. 

    pcap_dispatch() processes packets from a live capture or ``savefile'' 
    until cnt packets are processed, the end of the current bufferful of 
    packets is reached when doing a live capture, the end of the ``save‐ 
    file'' is reached when reading from a ``savefile'', pcap_breakloop() 
    is called, or an error occurs. Thus, when doing a live capture, cnt 
    is the maximum number of packets to process before returning, but is 
    not a minimum number; when reading a live capture, only one bufferful 
    of packets is read at a time, so fewer than cnt packets may be pro‐ 
    cessed. A value of -1 or 0 for cnt causes all the packets received in 
    one buffer to be processed when reading a live capture, and causes 
    all the packets in the file to be processed when reading a ``save‐ 
    file''. 

我知道你不是真的想要閱讀和理解這一切，讓我們把它分解。

兩種功能：從現場捕獲或「SAVEFILE」，直到任何這些條件

• 處理數據包發生：在達到
  • 指定計數「SAVEFILE的
  • 結束「達到
  • pcap_breakloop（）被調用
  • 發生錯誤
• 考慮-1或0本質上是指「處理無限數量的數據包」 - 也就是說，直到出現另一個結束條件。 （-1建議與舊版本的互操作性，在手冊的後面）

pcap_dispatch（單獨

• 分組的當前bufferful結束後也返回）到達，做的時候實時捕捉（換句話說，可以更頻繁地返回，因爲指定的計數不是最小值）