Hi. ----- Original Message ----- From: <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Tuesday, June 04, 2002 8:31 AM Subject: [WinPcap-users] How to Interrupt the driver, while it is in the process of capturing.
> Dear Sir/Madam, > > We are using Winpcap driver over windows 2000. The scenario is like this.. > The "PacketReceivePacket" function of the driver is called to capture > packets from the network adapter. It returns whenever the buffer allocated > to it is filled. It's not completely true. > Sometimes it takes lot of time, specially when buffer size > is big. The problem is that the call to driver is blocking, sometimes it is > desirable to stop the capturing process in between, but we do not know how > to do it as no such functions as Interrupt is provided to stop the > capturing process dynamically. Can you help me regarding this. > Suppose the size of buffer specified is 1 MB, and it takes some 2 mins > (say) to capture those many packets from the network and we want to stop it > before 2 mins randomly at any time. Is there anything like Interrupt which > will cause "PacketReceivePacket" function to return prematurely. > There is another call "PacketSetReadTimeOut" which allow us to set time for > which capturing will be done. No. This is the timeout after which the PacketReceivePacket returns, the capture continues at kernel level, and the packets are saved in the ring buffer present at kernel level, and whose dimension is set through PacketSetBuff(). > But it still doesnt solve the probem. Let it > be set to 2mins, then the requirement will be to stop capturing prematurely > before 2mins. For this we need something similar to Interrupt which allow > us to stop capturing prematurely. > > I hope you understood the problem. Please suggest me regarding this. > Thanks and regards > > With Best Wishes > Ali Ahmed Shakir > L&T Infotech Ltd > > I think you have not understood well how the driver works. The packets captured by the driver (at kernel level) are stored in a kernel circular buffer (whose size is set by PacketSetBuff). When you perform a READ (PacketReceivePacket), the packets are copied from the kernel buffer to the user buffer (the LPPACKET parameter). PacketReceivePacket remains blocked if there are not enough packets to be copied (this minimal amount is set through the API PacketSetMinToCopy) for a maximum time that is set through PacketSetReadTimeout. When PacketReceivePacket returns, either the timeout expired, or there were enough packets to be copied from the kernel buffer to the user buffer. Remember that the capture continues even after PacketReceivePacket returns (it stops when you close the adapter), and the packets are stored in the kernel buffer. If you want more details on the working principle of WinPcap, I strongly suggest you to read the WinPcap packet.dll API manual (on the winpcap website), and the graduation thesis of Loris Degioanni, present at http://winpcap.polito.it/docs/th_degio.zip (the first chapter is in Italian, the rest of the paper is in English). GV >
