I have thought about synchronization issues, but all what I have done is
give highest priority to 'producer' and defect one for 'consumer'. I think
that the worst it can happen like this is leading consumer to starvation,
but I also think that this is not happening right now because of CPU
scheduling.
On the other hand, I can't take out load from the producer without passing
copied packets. Thus, is there any solution to my problem? Wireshark works
fine, so there must be a way, isn't there?
Mar�a de F�tima Requena Cabot (2488)
+34 91 787 23 00 alhambra-eidos.es
-----Mensaje original-----
De: wireshark-dev-bounces@xxxxxxxxxxxxx
[mailto:wireshark-dev-bounces@xxxxxxxxxxxxx] En nombre de Gianluca Varenni
Enviado el: viernes, 09 de mayo de 2008 2:03
Para: winpcap-users@xxxxxxxxxxx; Developer support list for Wireshark
CC: winpcap-users@xxxxxxxxxxx
Asunto: Re: [Wireshark-dev] [Winpcap-users] RE: ring buffer
----- Original Message -----
From: "Maria de Fatima Requena" <MariaF.Requena@xxxxxx>
To: "Developer support list for Wireshark" <wireshark-dev@xxxxxxxxxxxxx>
Cc: <winpcap-users@xxxxxxxxxxx>
Sent: Tuesday, May 06, 2008 11:27 PM
Subject: [Winpcap-users] RE: [Wireshark-dev] ring buffer
We thought about that, so at packet handler method what I do is pushing
packets inside a global queue just to avoid interfering with packets
capture. A different thread is in charge of popping packets and manage
them. Both threads have same priority at the moment, I don't know if I
should change this somehow.
Well, if you are pushing packets in a queue, you are probably copying
them,
which introduced overhead. And since it's a queue shared by 2 thread, you
surely have some sort of synchronization, which can introduce some further
overhead.
I took a look at Wireshark source code, and the read timeout parameter in
pcap_open is set to 250 there (not 1000 like savedump example). According
to my problem, which choice is the best?
I think that wireshark sets it to 250 ms to have a faster refresh on the
screen. Putting a timeout of 250 vs 1000ms doesn't affect performance a
lot
in case of high traffic.
Have a nice day
GV
Mar�a de F�tima Requena Cabot (2488)
+34 91 787 23 00 alhambra-eidos.es
-----Mensaje original-----
De: wireshark-dev-bounces@xxxxxxxxxxxxx
[mailto:wireshark-dev-bounces@xxxxxxxxxxxxx] En nombre de Gianluca
Varenni
Enviado el: martes, 06 de mayo de 2008 17:58
Para: Developer support list for Wireshark
CC: winpcap-users@xxxxxxxxxxx
Asunto: Re: [Wireshark-dev] ring buffer
As you can see from the savedump source code, the code to dump packets is
minimal. And the sample uses the standard parameters to the pcap
functions.
I think your application drops packets because it's somewhat slow at
processing packets (if you are doing any processing). What are you doing
after you receive a packet?
Have a nice day
GV
PS: I CCed the winpcap-users mailing list, as your question is more
related
to that mailing list rather than wireshark-dev
----- Original Message -----
From: "Maria de Fatima Requena" <MariaF.Requena@xxxxxx>
To: "Developer support list for Wireshark" <wireshark-dev@xxxxxxxxxxxxx>
Sent: Monday, May 05, 2008 11:38 PM
Subject: Re: [Wireshark-dev] ring buffer
Oh, thanks.
I have done two tests, and I think savedump doesnt miss any packets. What
can be the problem then? Maybe parameters in pcap functions or buffering?
Mar�a de F�tima Requena Cabot (2488)
+34 91 787 23 00 alhambra-eidos.es
-----Mensaje original-----
De: wireshark-dev-bounces@xxxxxxxxxxxxx
[mailto:wireshark-dev-bounces@xxxxxxxxxxxxx] En nombre de Gianluca
Varenni
Enviado el: lunes, 05 de mayo de 2008 18:17
Para: Developer support list for Wireshark
Asunto: Re: [Wireshark-dev] ring buffer
What do you mean by "quite unreadable"?
savedump creates a pcap-compatible file that can be opened with wireshark
(it's not a text file, it's pcap file i.e. binary).
Have a nice day
GV
----- Original Message -----
From: "Maria de Fatima Requena" <MariaF.Requena@xxxxxx>
To: "Developer support list for Wireshark" <wireshark-dev@xxxxxxxxxxxxx>
Sent: Sunday, May 04, 2008 11:34 PM
Subject: Re: [Wireshark-dev] ring buffer
I have tried it and the content of the capture file (which I have given
the
name of 'dump.txt') is quite unreadable.
Mar�a de F�tima Requena Cabot (2488)
+34 91 787 23 00 alhambra-eidos.es
-----Mensaje original-----
De: wireshark-dev-bounces@xxxxxxxxxxxxx
[mailto:wireshark-dev-bounces@xxxxxxxxxxxxx] En nombre de Gianluca
Varenni
Enviado el: viernes, 02 de mayo de 2008 22:33
Para: Developer support list for Wireshark
Asunto: Re: [Wireshark-dev] ring buffer
Out of curiosity, does the sample in the WinPcap developer's pack named
wpdpack\Examples-pcap\savedump lose packets as well?
Have a nice day
GV
----- Original Message -----
From: "Maria de Fatima Requena" <MariaF.Requena@xxxxxx>
To: "Developer support list for Wireshark" <wireshark-dev@xxxxxxxxxxxxx>
Sent: Friday, May 02, 2008 4:39 AM
Subject: [Wireshark-dev] ring buffer
Hi
I am implementing a packet sniffer with VS. I posted some time ago
problems
with losing packets, and someone here suggested me that it could be a
problem between disk access and NIC speed.
I have done some research, and it seems this doesn't happen to Wireshark
because of the use of a ring buffer. Can someone tell me which files
(apart
from ringbuffer.c) are involved in Wireshark avoiding packet loss? Can I
use
any configuration of Winpcap function parameters for losing less packets?
Thanks in advance
Mar�a de F�tima Requena Cabot (2488)
+34 91 787 23 00 alhambra-eidos.es
_______________________________________________
Wireshark-dev mailing list
Wireshark-dev@xxxxxxxxxxxxx
http://www.wireshark.org/mailman/listinfo/wireshark-dev
_______________________________________________
Wireshark-dev mailing list
Wireshark-dev@xxxxxxxxxxxxx
http://www.wireshark.org/mailman/listinfo/wireshark-dev
_______________________________________________
Wireshark-dev mailing list
Wireshark-dev@xxxxxxxxxxxxx
http://www.wireshark.org/mailman/listinfo/wireshark-dev
_______________________________________________
Wireshark-dev mailing list
Wireshark-dev@xxxxxxxxxxxxx
http://www.wireshark.org/mailman/listinfo/wireshark-dev
_______________________________________________
Wireshark-dev mailing list
Wireshark-dev@xxxxxxxxxxxxx
http://www.wireshark.org/mailman/listinfo/wireshark-dev
_______________________________________________
Wireshark-dev mailing list
Wireshark-dev@xxxxxxxxxxxxx
http://www.wireshark.org/mailman/listinfo/wireshark-dev
_______________________________________________
Winpcap-users mailing list
Winpcap-users@xxxxxxxxxxx
https://www.winpcap.org/mailman/listinfo/winpcap-users
_______________________________________________
Wireshark-dev mailing list
Wireshark-dev@xxxxxxxxxxxxx
http://www.wireshark.org/mailman/listinfo/wireshark-dev
_______________________________________________
Winpcap-users mailing list
Winpcap-users@xxxxxxxxxxx
https://www.winpcap.org/mailman/listinfo/winpcap-users
