My application promiscuously sniffs packets (with a compiled packet filter) on an Ethernet interface and I'd like to know if any packets are dropped and not making to my application buffer.
The manpage for pcap_stats is vague and might (or might not) explain the function.
So how do I determine if my particular combination of kernel, distribution, and libpcap supports dropped packet detection?
The statistics do not behave the same way on all platforms. ps_recv might count packets whether they passed any filter set with pcap_setfilter(3PCAP) or not, or it might count only packets that pass the filter. It also might, or might not, count packets dropped because there was no room in the operating system's buffer when they arrived. ps_drop is not available on all platforms; it is zero on platforms where it's not available. If packet filtering is done in libpcap, rather than in the operating system, it would count packets that don't pass the filter. Both ps_recv and ps_drop might, or might not, count packets not yet read from the operating system and thus not yet seen by the application. ps_ifdrop might, or might not, be implemented; if it's zero, that might mean that no packets were dropped by the interface, or it might mean that the statistic is unavailable, so it should not be treated as an indication that the interface did not drop any packets.
$ uname -a
Linux dvstorblackXS 3.10.80-1.el6.elrepo.i686 #1 SMP Sun Jun 7 08:15:14 EDT 2015 i686 i686 i386 GNU/Linux
$ ldd *myApplicationBinary*
libpcap.so.1 => /usr/local/lib/libpcap.so.1 (0xb76e2000)
$ ls -l /usr/local/lib/libpcap.*
-rw-r--r-- 1 root root 774522 Mar 5 2016 /usr/local/lib/libpcap.a
lrwxrwxrwx 1 root root 12 Mar 5 2016 /usr/local/lib/libpcap.so -> libpcap.so.1
lrwxrwxrwx 1 root root 16 Mar 5 2016 /usr/local/lib/libpcap.so.1 -> libpcap.so.1.6.2
-rwxr-xr-x 1 root root 572307 Mar 5 2016 /usr/local/lib/libpcap.so.1.6.2
$ cat /etc/redhat-release
CentOS release 6.6 (Final)
