Wireshark-dev: Re: [Wireshark-dev] [Winpcap-users] RE: ring buffer
From: "Maria de Fatima Requena" <[email protected]>
Date: Fri, 9 May 2008 08:22:39 +0200
I have thought about synchronization issues, but all I have done is give the highest priority to the 'producer' and the default one to the 'consumer'. I think that the worst that can happen this way is leading the consumer to starvation, but I also think that this is not happening right now because of CPU scheduling.

On the other hand, I can't take out load from the producer without passing copied packets. Thus, is there any solution to my problem? Wireshark works fine, so there must be a way, isn't there?


María de Fátima Requena Cabot (2488)
+34 91 787 23 00 alhambra-eidos.es
 

-----Original Message-----
From: [email protected] [mailto:[email protected]] On behalf of Gianluca Varenni
Sent: Friday, May 09, 2008 2:03
To: [email protected]; Developer support list for Wireshark
CC: [email protected]
Subject: Re: [Wireshark-dev] [Winpcap-users] RE: ring buffer


----- Original Message ----- 
From: "Maria de Fatima Requena" <[email protected]>
To: "Developer support list for Wireshark" <[email protected]>
Cc: <[email protected]>
Sent: Tuesday, May 06, 2008 11:27 PM
Subject: [Winpcap-users] RE: [Wireshark-dev] ring buffer


> We thought about that, so at packet handler method what I do is pushing 
> packets inside a global queue just to avoid interfering with packets 
> capture. A different thread is in charge of popping packets and manage 
> them. Both threads have same priority at the moment, I don't know if I 
> should change this somehow.
>

Well, if you are pushing packets in a queue, you are probably copying them, 
which introduces overhead. And since it's a queue shared by 2 threads, you 
surely have some sort of synchronization, which can introduce some further 
overhead.

> I took a look at Wireshark source code, and the read timeout parameter in 
> pcap_open is set to 250 there (not 1000 like savedump example). According 
> to my problem, which choice is the best?

I think that Wireshark sets it to 250 ms to have a faster refresh on the 
screen. Putting a timeout of 250 vs 1000 ms doesn't affect performance a lot 
in case of high traffic.

Have a nice day
GV

>
> María de Fátima Requena Cabot (2488)
> +34 91 787 23 00 alhambra-eidos.es
>
>
>
> -----Original Message-----
> From: [email protected] [mailto:[email protected]] On behalf of Gianluca Varenni
> Sent: Tuesday, May 06, 2008 17:58
> To: Developer support list for Wireshark
> CC: [email protected]
> Subject: Re: [Wireshark-dev] ring buffer
>
> As you can see from the savedump source code, the code to dump packets is
> minimal. And the sample uses the standard parameters to the pcap 
> functions.
> I think your application drops packets because it's somewhat slow at
> processing packets (if you are doing any processing). What are you doing
> after you receive a packet?
>
> Have a nice day
> GV
>
> PS: I CCed the winpcap-users mailing list, as your question is more
> related to that mailing list rather than wireshark-dev
>
> ----- Original Message ----- 
> From: "Maria de Fatima Requena" <[email protected]>
> To: "Developer support list for Wireshark" <[email protected]>
> Sent: Monday, May 05, 2008 11:38 PM
> Subject: Re: [Wireshark-dev] ring buffer
>
>
> Oh, thanks.
>
> I have done two tests, and I think savedump doesn't miss any packets. What
> can be the problem then? Maybe parameters in pcap functions or buffering?
>
>
> María de Fátima Requena Cabot (2488)
> +34 91 787 23 00 alhambra-eidos.es
>
>
>
> -----Original Message-----
> From: [email protected] [mailto:[email protected]] On behalf of Gianluca Varenni
> Sent: Monday, May 05, 2008 18:17
> To: Developer support list for Wireshark
> Subject: Re: [Wireshark-dev] ring buffer
>
> What do you mean by "quite unreadable"?
>
> savedump creates a pcap-compatible file that can be opened with wireshark
> (it's not a text file, it's pcap file i.e. binary).
>
> Have a nice day
> GV
>
> ----- Original Message ----- 
> From: "Maria de Fatima Requena" <[email protected]>
> To: "Developer support list for Wireshark" <[email protected]>
> Sent: Sunday, May 04, 2008 11:34 PM
> Subject: Re: [Wireshark-dev] ring buffer
>
>
> I have tried it and the content of the capture file (which I have given
> the name of 'dump.txt') is quite unreadable.
>
>
> María de Fátima Requena Cabot (2488)
> +34 91 787 23 00 alhambra-eidos.es
>
>
> -----Original Message-----
> From: [email protected] [mailto:[email protected]] On behalf of Gianluca Varenni
> Sent: Friday, May 02, 2008 22:33
> To: Developer support list for Wireshark
> Subject: Re: [Wireshark-dev] ring buffer
>
> Out of curiosity, does the sample in the WinPcap developer's pack named
> wpdpack\Examples-pcap\savedump lose packets as well?
>
> Have a nice day
> GV
>
>
> ----- Original Message ----- 
> From: "Maria de Fatima Requena" <[email protected]>
> To: "Developer support list for Wireshark" <[email protected]>
> Sent: Friday, May 02, 2008 4:39 AM
> Subject: [Wireshark-dev] ring buffer
>
>
> Hi
>
> I am implementing a packet sniffer with VS. I posted some time ago about
> problems with losing packets, and someone here suggested to me that it
> could be a problem between disk access and NIC speed.
>
> I have done some research, and it seems this doesn't happen to Wireshark
> because of the use of a ring buffer. Can someone tell me which files
> (apart from ringbuffer.c) are involved in Wireshark avoiding packet loss?
> Can I use any configuration of Winpcap function parameters to lose fewer
> packets?
>
> Thanks in advance
>
>
> María de Fátima Requena Cabot (2488)
> +34 91 787 23 00 alhambra-eidos.es
>
>
> _______________________________________________
> Wireshark-dev mailing list
> [email protected]
> http://www.wireshark.org/mailman/listinfo/wireshark-dev
>
> _______________________________________________
> Winpcap-users mailing list
> [email protected]
> https://www.winpcap.org/mailman/listinfo/winpcap-users 

_______________________________________________
Wireshark-dev mailing list
[email protected]
http://www.wireshark.org/mailman/listinfo/wireshark-dev
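
The hand-off discussed in this thread (capture callback as producer, a second thread as consumer), sketched as an added example that is not code from the thread, WinPcap or Wireshark: a single-producer/single-consumer ring of preallocated slots, so each packet costs one copy and no lock, and a full ring counts a drop instead of blocking the capture side. All names (`ring_push`, `ring_pop`, `SLOTS`, `SNAP`) are hypothetical, and the slot count and snap length are assumed values.

```c
#include <stdatomic.h>
#include <stdint.h>
#include <string.h>
#define SLOTS 8u    /* assumed size; power of two so indices can be masked */
#define SNAP  256u  /* assumed bytes kept per packet */

struct slot { uint32_t len; uint8_t data[SNAP]; };
struct ring {
    struct slot slots[SLOTS];
    _Atomic uint32_t head;     /* advanced only by the producer */
    _Atomic uint32_t tail;     /* advanced only by the consumer */
    _Atomic uint32_t dropped;  /* packets rejected because the ring was full */
};

/* Producer: call from the capture callback. Never blocks; 0 means dropped. */
static int ring_push(struct ring *r, const uint8_t *pkt, uint32_t caplen)
{
    uint32_t head = atomic_load_explicit(&r->head, memory_order_relaxed);
    uint32_t tail = atomic_load_explicit(&r->tail, memory_order_acquire);
    if (head - tail == SLOTS) {             /* full: count it, do not wait */
        atomic_fetch_add_explicit(&r->dropped, 1, memory_order_relaxed);
        return 0;
    }
    struct slot *s = &r->slots[head & (SLOTS - 1)];
    s->len = caplen < SNAP ? caplen : SNAP; /* truncate, never overrun the slot */
    memcpy(s->data, pkt, s->len);
    atomic_store_explicit(&r->head, head + 1, memory_order_release);
    return 1;
}

/* Consumer: returns bytes copied into out, or -1 when the ring is empty. */
static int ring_pop(struct ring *r, uint8_t *out, uint32_t outcap)
{
    uint32_t tail = atomic_load_explicit(&r->tail, memory_order_relaxed);
    uint32_t head = atomic_load_explicit(&r->head, memory_order_acquire);
    if (head == tail) return -1;
    const struct slot *s = &r->slots[tail & (SLOTS - 1)];
    uint32_t n = s->len < outcap ? s->len : outcap;
    memcpy(out, s->data, n);
    atomic_store_explicit(&r->tail, tail + 1, memory_order_release);
    return (int)n;
}

int main(void)
{
    static struct ring r;                 /* zero-initialised: empty ring */
    uint8_t frame[60] = {0}, out[SNAP];   /* constructed sample frame */
    for (unsigned i = 0; i < SLOTS + 2; i++) ring_push(&r, frame, sizeof frame);
    while (ring_pop(&r, out, sizeof out) >= 0) { /* process the packet here */ }
    return atomic_load(&r.dropped) == 2 ? 0 : 1;
}
```

Watching the `dropped` counter while varying `SLOTS` shows whether the consumer is too slow on average or only falls behind during bursts.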