Hi.
First of all, do NOT send HTML messages to the list. Use plain text.
Replies are quoted with --GV--
Have a nice day GV
----- Original Message ----- From: Cefur
To: winpcap-users@winpcap.polito.it
Sent: Tuesday, January 04, 2005 11:01 AM
Subject: [WinPcap-users] "priority" of capture driver and port filtering problem
First question:
Like a lot of you I have made a bridge with WinPCap and now I am playing with it. So I made a little test. When the "bridge" computer is not under heavy load the latency of the bridge is not so big (it can be tolerated). But when this computer is 100% utilized (under heavy load) then an erratic behavior happens. For a couple of seconds the latency is normal then sky rockets (probably a lot of packets is lost - I didn't checked yet) and then again few seconds normal ... etc. I set the priority of the program to critical but that didn't help.
settings: setmintocopy = 0 (for low latency)
Well I was wondering could it be that capturing driver "priority" is too low? Well I know it was already talked about ... but I didn't find any good answer. What I am asking is, can this "priority" of the driver be set any higher?
--GV--
The concept of "priority" is related to threads. The driver does not run in the context of a thread. It's rather run in the context of a software interrupt (called DPC = Deferred Procedure Call in the WinNT terminology). As a consequence, it runs with a "priority" (the term is abused, here, the right term is IRQL, in the WinNT terminology) higher than any thread. The performance problem you are having can be due to a number of reasons, the most probable ones are:
1. a poorly performing NIC card or NIC driver
2. having set mintocopy to 0, basically you are polling the driver continuously--> the number of ring switches (userland-->kernel-->userland) is high, and this switch is very expensive.
3. although WinPcap can be used to build bridges, it was created with a different objective in mind (packet capture, and packet send for "testing purposes"). As a consequence, responsiveness was sacrificed in favor of a higher packet capture rate. If you want to create a high performance bridge, maybe winpcap is not the best choice. A custom kernel driver for it maybe will be a better solution.
--GV--
Second question:
How can I pcap_open_dead with pcap_open (for example I would like just to send packets and not capture it from an adapter)?
--GV--
pcap_open_dead is used to open a fake pcap adapter. There is no way to open a pcap adapter to send packets, only. However, you can open an adapter in non-promiscuous mode, and only send packets through it, and not receiving packets thorugh it.
--GV--
Third question:
How can I set filter to capture only on ports higher then 139, because something like "port > 139" doesn't work?
--GV-- The right syntax for tcp is "tcp[0:2] > 139 or tcp[2:2] > 139" --GV--
Thx.
================================================================== This is the WinPcap users list. It is archived at http://www.mail-archive.com/winpcap-users@winpcap.polito.it/
To unsubscribe use mailto: [EMAIL PROTECTED]
==================================================================
