Hi,
I have traced through the code all the way down to function calls in
packet32.c and even looked over the device driver code. But can see no
obvious reason why calling "pcap_setbuff" causes this unusual behaviour.
I traced the code through "pcap_read" to "PacketReceivePacket".
In PacketReceivePacket I checked to see if WaitForSingleObject was failing.
This was, however, returning a success, as was the "ReadFile" call.
"ReadFile" function was always returning zero (0) bytes though. Which
resulted in "pcap_read" returning the default value of "n" which just
happens to correspond to a timeout response (i.e. zero).
I then tried a completely different way, and changed the "#define SIZE_BUFF"
in pcap-win32.c to 40960000 and did not call pcap_setbuff from my test
application.
This seemed to work fine. No timeouts were generated and the kernel memory
usage went up by about 40MB as expected
So, I thought, that it may be that the 2 calls to "pcap_setbuff" were
somehow causing a problem.
To test this out, I commented out the call to "pcap_setbuff" in
"pcap_open_live" function in "pcap-win32.c" and called "pcap_setbuff" from
my test application to see if this would work.
This worked fine. No timeouts were generated.
So, it looks like, for some reason, when there is heavy network load,
calling "pcap_setbuff" twice is causing problems. This is regardless of the
size of the buffer. I tried setting it to 10MB, 1MB and even 10K. The only
difference I noticed was that the 10K buffer size caused the timeout
responses to occur once a second. Whereas the other values resulted in
timeouts occuring as fast as they could come through.
I am including a copy of my test application at the bottom of this response.
Does anyone out there have any ideas how I can get around this without
customising wpcap.dll.
To build it just create a console App project in Visual C++ and put this
code into your main program file and link wpcap.lib .
Thanks
Steve
// WinPCapConsole.cpp : Defines the entry point for the console application.
//
#include "stdafx.h"
#define REMOTE
#define HAVE_U_INT32_T
#include "pcap.h"
#include ".\winpcap\wpcap\libpcap\pcap-int.h"
/* prototype of the packet handler */
void packet_handler(u_char *param, const struct pcap_pkthdr *header, const
u_char *pkt_data);
void display_packet(char * cMessage, const struct pcap_pkthdr *header, const
u_char *pkt_data);
void ReadPackets(pcap_t *adhandle, bool bGetError);
main()
{
pcap_if_t *alldevs;
pcap_if_t *d;
int inum;
int i=0;
pcap_t *adhandle;
char errbuf[PCAP_ERRBUF_SIZE];
/* Retrieve the device list */
if (pcap_findalldevs(&alldevs, errbuf) == -1)
{
fprintf(stderr,"Error in pcap_findalldevs: %s\n", errbuf);
exit(1);
}
/* Print the list */
for(d=alldevs; d; d=d->next)
{
printf("%d. %s", ++i, d->name);
if (d->description)
printf(" (%s)\n", d->description);
else
printf(" (No description available)\n");
}
if(i==0)
{
printf("\nNo interfaces found! Make sure WinPcap is installed.\n");
return -1;
}
printf("Enter the interface number (1-%d):",i);
scanf("%d", &inum);
if(inum < 1 || inum > i)
{
printf("\nInterface number out of range.\n");
/* Free the device list */
pcap_freealldevs(alldevs);
return -1;
}
// enter the setbuff buffer size and the mintocopy buffer size
char sResponse[256]={0};
int nSetBuff=0;
int nMinToCopy=0;
bool bGetError=false;
int nSetNonBlock;
int sbresult;
printf ("Enter the size of the buffer for pcap_setbuff
(-1:default):");
scanf ("%s", sResponse);
nSetBuff = atoi(sResponse);
printf ("Enter the size for pcap_setmintocopy (-1:default):");
scanf ("%s", sResponse);
nMinToCopy = atoi(sResponse);
printf ("Do you want to get error string when timeout occurs (0:no,
1:yes)?");
scanf ("%s", sResponse);
if (sResponse[0]=='1')
bGetError=true;
else
bGetError=false;
printf ("Do you want to read packets in non-blocking mode (0:no,
1:yes, 2:default)?");
scanf ("%s", sResponse);
nSetNonBlock = atoi(sResponse);
/* Jump to the selected adapter */
for(d=alldevs, i=0; i< inum-1 ;d=d->next, i++);
/* Open the adapter */
if ( (adhandle= pcap_open_live(d->name, // name of the device
65536,
// portion of the packet to capture.
// 65536 grants that the whole packet will be captured on all the MACs.
1,
// promiscuous mode
1000,
// read timeout
errbuf
// error buffer
) )
== NULL)
{
fprintf(stderr,"\nUnable to open the adapter. %s is not supported by
WinPcap\n");
/* Free the device list */
pcap_freealldevs(alldevs);
return -1;
}
printf("\nlistening on %s...\n", d->description);
// set the buffer size
if (nSetBuff > 0)
{
sbresult = pcap_setbuff(adhandle, nSetBuff);
printf ("SetBuff returned : %d\n", sbresult);
}
// set minimum bytes to copy
if (nMinToCopy > 0)
{
sbresult = pcap_setmintocopy (adhandle, nMinToCopy);
printf ("setmintocopy returned : %d\n", sbresult);
}
// set blocking state
switch (nSetNonBlock)
{
case 0: if (pcap_setnonblock(adhandle, 0, sResponse)==-1)
printf("Error setting nonBlock to
false: %s\n", sResponse);
break;
case 1: if (pcap_setnonblock(adhandle, 1, sResponse)==-1)
printf("Error setting nonBlock to
true: %s\n", sResponse);
break;
case 2:
default: // do nothing
break;
}
/* At this point, we don't need any more the device list. Free it */
pcap_freealldevs(alldevs);
// start the capture - choose your method...
ReadPackets(adhandle, bGetError);
// pcap_loop(adhandle, 0, packet_handler, NULL);
pcap_close(adhandle);
return 0;
}
/* Callback function invoked by libpcap for every incoming packet */
void packet_handler(u_char *param, const struct pcap_pkthdr *header, const
u_char *pkt_data)
{
struct tm *ltime;
char timestr[16];
/* convert the timestamp to readable format */
ltime=localtime(&header->ts.tv_sec);
strftime( timestr, sizeof timestr, "%H:%M:%S", ltime);
printf("%s,%.6d len:%d\n", timestr, header->ts.tv_usec, header->len);
}
// display the details of the packet received on the screen
void display_packet(char * cMessage, const struct pcap_pkthdr *header, const
u_char *pkt_data)
{
struct tm *ltime;
char timestr[16];
static long seconds;
if (header!=0 && pkt_data!=0)
{
/* convert the timestamp to readable format */
ltime=localtime(&header->ts.tv_sec);
strftime( timestr, sizeof timestr, "%H:%M:%S", ltime);
printf("%s.%.4d len:%d - %s\n", timestr, header->ts.tv_usec,
header->len, cMessage);
}
else
{
SYSTEMTIME st;
GetSystemTime(&st);
// error in reading packet
printf("%02d:%02d:%02d.%04d - %s\n", st.wHour, st.wMinute,
st.wSecond,
st.wMilliseconds,cMessage);
}
}
void ReadPackets(pcap_t *adhandle, bool bGetError)
{
bool gotone=false;
pcap_pkthdr * hdr;
unsigned char * data;
int retcode;
while (1)
{
retcode = pcap_next_ex(adhandle, &hdr, &data);
switch (retcode)
{
case -2: // eof reached whilst reading packet
display_packet("Dried up", 0,
0);
break;
case -1: // error occurred
display_packet("Error
reading packet, trying again", 0, 0);
break;
case 0: // timeout
display_packet("Timeout
reading packet", 0, 0);
if (bGetError)
display_packet(pcap_geterr(adhandle),0,0);
break;
case 1: // received packet ok
display_packet("Got Packet",
hdr, data);
break;
}
}
}
-----Original Message-----
From: Steve Fernandes [mailto:[EMAIL PROTECTED]
Sent: 14 May 2004 16:12
To: '[EMAIL PROTECTED]'
Subject: RE: [WinPcap-users] Timeout responses to pcap_getnext_ex with
hig h network load and using pcap_setbuff
I have tried changing the kernel buffer size down to 10MB and then 1MB. But
this did not change the frequency of the timeout responses.
I then set the kernel buffer to 1000 and this did result in the timeouts
occuring once every second. But the timeouts were still occuring and no
proper packets were being received.
There is one other point I failed to mention earlier...
The PC I am using has 2 Network adapters. One is plugged into the normal
office network and the other is plugged into a non-switching hub along with
a second PC that I am using to generate the network traffic.
It is the network card plugged into the hub that I have been using for these
tests.
Thanks
Steve
-----Original Message-----
From: Robert Thornthwaite [mailto:[EMAIL PROTECTED]
Sent: 14 May 2004 15:45
To: [EMAIL PROTECTED]
Subject: RE: [WinPcap-users] Timeout responses to pcap_getnext_ex with
high network load and using pcap_setbuff
Try a smaller kernel buffer, say 10MB.
Robert Thornthwaite
Input/Output, Inc.
phone: 281 879 2112
email: [EMAIL PROTECTED]
web: http://www.i-o.com/
>
================================================================= This is
the WinPcap users list. It is archived at
http://www.mail-archive.com/[EMAIL PROTECTED]/
To unsubscribe use
mailto: [EMAIL PROTECTED]
=================================================================
______________________________________________________________________
This email has been scanned by the MessageLabs Email Security System.
For more information please visit http://www.messagelabs.com/email
______________________________________________________________________
==================================================================
This is the WinPcap users list. It is archived at
http://www.mail-archive.com/[EMAIL PROTECTED]/
To unsubscribe use
mailto: [EMAIL PROTECTED]
==================================================================
______________________________________________________________________
This email has been scanned by the MessageLabs Email Security System.
For more information please visit http://www.messagelabs.com/email
______________________________________________________________________
==================================================================
This is the WinPcap users list. It is archived at
http://www.mail-archive.com/[EMAIL PROTECTED]/
To unsubscribe use
mailto: [EMAIL PROTECTED]
==================================================================
