
List:       winpcap-users
Subject:    [Winpcap-users] capturing traffic from multiple adapters and
From:       "Oron Asaf" <AssafO () Radware ! com>
Date:       2007-08-16 12:00:20
Message-ID: 3BD447994C2D84468DE814E55E1A4CCB01F8CD59 () APOLLO ! il ! corp ! radware ! com

I write a real time app that sniffs packets from multiple adapters and
stores them in a single queue for later processing. Following an example
in one of the archives I tried using WaitForMultipleObjects where I wait
on an array of event handles obtained for each adapter through
pcap_getevent. Whenever I get an event I start a loop of pcap_next_ex
which reads packets as long as this function returns status > zero.
Otherwise I quit the loop and return to wait on WaitForMultipleObjects.
I have encountered several issues:

1.	Regarding the read timeout. What does its expiration mean? What
should I do if I receive it, exit the loop since no more packets were
read? Currently I use read timeout = -1 to avoid return status zero in
pcap_next_ex.
2.	When does wpcap generate an event? For each packet? Is it
related to the read timeout in any way? Can I control it?
3.	Before using events I tried to use the callback method and ran
into crashes. The callback used a semaphore to prevent simultaneous
writes into the packet queue generated by my program: sometimes the call
to the semaphore would crash. Is the wpcap callback called from within
an interrupt handler since this would explain such behavior? Does
anybody know of a way to work safely with callbacks for multiple
adapters which share common resources?

Thank you

Asaf

