@@ -39,13 +39,23 @@ pcap._LIB_VERSION is the libpcap version string, as returned from pcap_lib_versi
3939
4040Open a source device to read packets from.
4141
42+
4243- device is the physical device (defaults to "any")
44+
4345- snaplen is the size to capture, where 0 means max possible (defaults to 0)
46+
4447- promisc is whether to set the device into promiscuous mode (default is false)
48+
4549- timeout is the timeout for reads in seconds (default is 0, return if no packets available)
4650
4751
4852
53+ -- dumper:close()
54+
55+ Manually close a dumper object, freeing it's resources (this will happen on
56+ garbage collection if not done explicitly).
57+
58+
4959-- pcap.DLT = { EN10MB=DLT_EN10MB, [DLT_EN10MB] = "EN10MB", ... }
5060
5161DLT is a table of common DLT types. The DLT number and name are mapped to each other.
@@ -61,7 +71,9 @@ in pcap.open_dead().
6171
6272-- cap = pcap.open_dead([linktype, [caplen]])
6373
74+
6475- linktype is one of the DLT numbers, and defaults to pcap.DLT.EN10MB.
76+
6577- caplen is the maximum size of packet, and defaults to ...
6678
6779caplen defaults to 0, meaning "no limit" (actually, its changed into
@@ -74,12 +86,18 @@ BPF program.
7486
7587-- cap = pcap.open_offline([fname])
7688
77- - fname defaults to "-", stdin.
89+ fname defaults to "-", stdin.
7890
7991Open a savefile to read packets from.
8092
81- FIXME - in retrospect, fname defaulting to stdin causes unsuspecting users to
82- think this API is hanging, when they don't actually have a pcap on stdin...
93+ Warning, fname defaulting to stdin causes unsuspecting users to
94+ think this API is hanging, when they don't actually have a pcap on stdin.
95+
96+
97+ -- cap:close()
98+
99+ Manually close a cap object, freeing it's resources (this will happen on
100+ garbage collection if not done explicitly).
83101
84102
85103-- dumper = cap:dump_open([fname])
@@ -92,7 +110,9 @@ it's created.
92110
93111-- cap = cap:set_filter(filter, nooptimize)
94112
113+
95114- filter is the filter string, see tcpdump or pcap-filter man page.
115+
96116- nooptimize can be true if you don't want the filter optimized during compile
97117 (the default is to optimize).
98118
@@ -105,6 +125,14 @@ function returns that as a number.
105125See pcap.DLT for more information.
106126
107127
128+ -- fd = cap:getfd()
129+
130+ Get a selectable file descriptor number which can be used to wait for packets.
131+
132+ Returns the descriptor number on success, or nil if no such descriptor is
133+ available (see pcap_get_selectable_fd).
134+
135+
108136-- capdata, timestamp, wirelen = cap:next()
109137
110138Example:
@@ -115,21 +143,28 @@ Example:
115143
116144Returns capdata, timestamp, wirelen on sucess:
117145
146+
118147- capdata is the captured data
148+
119149- timestamp is in seconds, theoretically to microsecond accuracy
150+
120151- wirelen is the packets original length, the capdata may be shorter
121152
122- Returns nil,emsg on falure, where emsg is:
153+ Returns nil,emsg on failure, where emsg is:
154+
123155
124156- "timeout", timeout on a live capture
157+
125158- "closed", no more packets to be read from a file
159+
126160- ... some other string returned from pcap_geterr() describing the error
127161
128162
129- -- cap:destroy( )
163+ -- sent = cap:inject(packet )
130164
131- Manually destroy a cap object, freeing it's resources (this will happen on
132- garbage collection if not done explicitly).
165+ Injects packet.
166+
167+ Return is bytes sent on success, or nil,emsg on failure.
133168
134169
135170-- dumper = dumper:dump(pkt, [timestamp, [wirelen]])
@@ -155,12 +190,6 @@ Returns self on sucess.
155190Returns nil and an error msg on failure.
156191
157192
158- -- dumper:destroy()
159-
160- Manually destroy a dumper object, freeing it's resources (this will happen on
161- garbage collection if not done explicitly).
162-
163-
164193-- secs = pcap.tv2secs(seci, useci)
165194
166195Combine seperate seconds and microseconds into one numeric seconds.
0 commit comments