winpcap在linux安装教程,在winpcap和linux libpcap上做什么to_ms = -1？

在winpcap和linux libpcap上做什么to_ms = -1？

无法预测。引用主分支pcap(3pcap)手册页：

packet buffer timeout

If, when capturing, packets are delivered as soon as they

arrive, the application capturing the packets will be woken up

for each packet as it arrives, and might have to make one or

more calls to the operating system to fetch each packet.

If, instead, packets are not delivered as soon as they arrive,

but are delivered after a short delay (called a "packet buffer

timeout"), more than one packet can be accumulated before the

packets are delivered, so that a single wakeup would be done for

multiple packets, and each set of calls made to the operating

system would supply multiple packets, rather than a single

packet. This reduces the per‐packet CPU overhead if packets are

arriving at a high rate, increasing the number of packets per

second that can be captured.

The packet buffer timeout is required so that an application

won’t wait for the operating system’s capture buffer to fill up

before packets are delivered; if packets are arriving slowly,

that wait could take an arbitrarily long period of time.

Not all platforms support a packet buffer timeout; on platforms

that don’t, the packet buffer timeout is ignored. A zero value

for the timeout, on platforms that support a packet buffer time‐

out, will cause a read to wait forever to allow enough packets

to arrive, with no timeout.

NOTE: the packet buffer timeout cannot be used to cause calls

that read packets to return within a limited period of time,

because, on some platforms, the packet buffer timeout isn’t sup‐

ported, and, on other platforms, the timer doesn’t start until

at least one packet arrives. This means that the packet buffer

timeout should NOT be used, for example, in an interactive

application to allow the packet capture loop to ‘‘poll’’ for

user input periodically, as there’s no guarantee that a call

reading packets will return after the timeout expires even if no

packets have arrived.

没有关于负超时的说法;我会更新它明确地说不应该使用负值。 (不是在Windows上，不在MacOS上，不在Linux上，不在* BSD上，不在Solaris上，不在AIX上，不在HP-UX上，不在Tru64 UNIX上，不在IRIX上，而不在上，任何东西)

通过将超时设置为-1，它们可能是意图将pcap_t置于“非阻塞模式”，其中尝试读取将在没有数据包等待读取时立即返回，而不是等待数据包到达。因此，请在pcap_open_live()调用之后提供例如100(表示1/10秒)的超时并使用pcap_setnonblock()将pcap_t置于非阻塞模式。这应该在全部平台上工作。