2009/2/27 Guy Harris <g...@alum.mit.edu>
>
> On Feb 26, 2009, at 5:22 PM, Guy Harris wrote:
>
> The *accuracy* is limited by the fact that most network adapters aren't
>> designed primarily for use when capturing traffic, so they don't do their
>> own packet timestamping, and libpcap normally just plugs into the OS's
>> built-in facilities for capturing packets, and those either use the OS's
>> networking stack, which is designed primarily for regular network traffic
>> rather than traffic capture and might sacrifice low latency for higher
>> throughput (thus adding delays that get in the way of time stamping), and
>> which plugs into device drivers *also* designed primarily for regular
>> network traffic rather than traffic capture, or use something such as BPF
>> that might bypass the networking stack but *doesn't* bypass the driver.
>>
>
> Although it *appears* that, with current versions of the Linux kernel, the
> driver *could* timestamp the packet (setting the time in the skbuff) and
> netif_rx() won't timestamp it itself:
>
> int netif_rx(struct sk_buff *skb)
> {
> struct softnet_data *queue;
> unsigned long flags;
>
> /* if netpoll wants it, pretend we never saw it */
> if (netpoll_rx(skb))
> return NET_RX_DROP;
>
> if (!skb->tstamp.tv64)
> net_timestamp(skb);
>
> ...
>
> so that if the network adapter provided a time stamp along with the packet
> data, the driver would set the time stamp for the skbuff before handing it
> to the networking stack.
>
> Similarly, with variants of the bpf_tap() and bpf_mtap() kernel APIs that
> take a time stamp as an argument, the BPF mechanisms in *BSD could let the
> driver supply a time stamp when it hands a packet to BPF.
>
> That would let you have a regular network adapter that time-stamps packets
> itself, so you could get accurate time stamps on incoming packets and still
> have the adapter usable as a regular network adapter as well as an adapter
> for capturing traffic. You still wouldn't get accurate time stamps on
> *outgoing* packets, if by "accurate" you mean "gives the time at which the
> packet was put onto the network".
Thank you for your informations, I apologize for melting precision and
accuracy, you understood my mistake.
I worked on old Linux Kernel versions so I will try the latest ones to see
hardware timestamping. So now I have to search for Network cards which can
timestamp the packets with nanosecond resolution (Endace DAG cards can
apparently do that) and then modify a bit libPcap to take advantage of the
nanosecond timestamping (nanosecond timestamp MagicNumber etc.).
-
This is the tcpdump-workers list.
Visit https://cod.sandelman.ca/ to unsubscribe.
