<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=Content-Type content="text/html; charset=iso-8859-1">
<META content="MSHTML 6.00.6000.16441" name=GENERATOR>
<STYLE></STYLE>
</HEAD>
<BODY bgColor=#ffffff>
<DIV><FONT size=2></FONT> </DIV>
<BLOCKQUOTE
style="PADDING-RIGHT: 0px; PADDING-LEFT: 5px; MARGIN-LEFT: 5px; BORDER-LEFT: #000000 2px solid; MARGIN-RIGHT: 0px">
<DIV style="FONT: 10pt arial">----- Original Message ----- </DIV>
<DIV
style="BACKGROUND: #e4e4e4; FONT: 10pt arial; font-color: black"><B>From:</B>
<A title=swaminathang@yahoo.com
href="mailto:swaminathang@yahoo.com">Swaminathan Gurumoorthy</A> </DIV>
<DIV style="FONT: 10pt arial"><B>To:</B> <A title=winpcap-users@winpcap.org
href="mailto:winpcap-users@winpcap.org">winpcap-users@winpcap.org</A> </DIV>
<DIV style="FONT: 10pt arial"><B>Sent:</B> Thursday, May 17, 2007 3:26
PM</DIV>
<DIV style="FONT: 10pt arial"><B>Subject:</B> [Winpcap-users] Problems with
using pcap_getevent</DIV>
<DIV><BR></DIV>
<DIV>I am relatively new to using winpcap library. I am having issues with the
Win32 extension pcap_getevent() API call.</DIV>
<DIV> </DIV>
<DIV>I have a windows application on my host
system, asynchronously reading for ethernet type packets sent by
another system (again using Winpcap SendPacket() function) . I am
waiting on an event that I am holding from the pcap_getevent() call. I also
have my ethereal window open to confirm if my application is reading packets
when they arrive.</DIV>
<DIV><FONT size=2></FONT> </DIV>
<DIV>The problem is my application is not notified when the packet actually
arrives. I looked through old archives and saw a note saying it is due to the
kernel buffer being set to some high value. So I modified my open call to
include PC<FONT size=2>AP_OPENFLAG_MAX_RESPONSIVENESS flag. I was hoping
this will ensure the event will be triggered as soon as the
</FONT></DIV>
<DIV><FONT size=2></FONT> </DIV></BLOCKQUOTE>
<DIV><FONT size=2>It's not related to the kernel buffer size, it's related to
the mintocopy parameter. The kernel buffer doesnt influence the responsiveness
(up to a certain extent, but that's a totally different story). What influences
the responsiveness is the mintocopy, i.e. the number of bytes that should be
available in the kernel buffer before the read event gets
signalled.</FONT></DIV>
<BLOCKQUOTE
style="PADDING-RIGHT: 0px; PADDING-LEFT: 5px; MARGIN-LEFT: 5px; BORDER-LEFT: #000000 2px solid; MARGIN-RIGHT: 0px">
<DIV><FONT size=2></FONT> </DIV>
<DIV><FONT size=2>packet arrives. But it did not happen. I also realized
that I can use the pcap_setmintocopy() to set the buffer value So I went
ahead and set this value to a low number (less than my anticipated packet
size). This lead to a different problem. I see that my host program
is getting the event now but it gets a slew of duplicate packets. I can
see my ethereal window on the host system show duplicates as
well.</FONT></DIV>
<DIV><FONT size=2></FONT> </DIV></BLOCKQUOTE>
<DIV><FONT size=2>This is really weird. Do the duplicate packets have the same
exact timestamp? Can you post a small snippet of the code that you use to
receive the packets from the adapter? In particular, are you checking for the
return value of pcap_next_ex (supposing you are using this API)?</FONT></DIV>
<BLOCKQUOTE
style="PADDING-RIGHT: 0px; PADDING-LEFT: 5px; MARGIN-LEFT: 5px; BORDER-LEFT: #000000 2px solid; MARGIN-RIGHT: 0px">
<DIV><FONT size=2></FONT> </DIV>
<DIV><FONT size=2>I am sure the client did not send all those duplicate
packets becasue the ethereal window on the client system is showing only one
packet. I also confirmed this by commenting out the pcap_setmintocopy() call
and see only one packet on my host ethereal window (but not on my
application).</FONT></DIV>
<DIV><FONT size=2></FONT> </DIV>
<DIV><FONT size=2>Am I doing something wrong here? The documentation says "use
of pcap_getevent is discouraged because it is not portable" but mine is a pure
windows app and I am not worried about portability.</FONT></DIV>
<DIV><FONT size=2></FONT> </DIV>
<DIV>I also do not want to go to a polling mode using pcap_read_next and all
that because I am using this in a thread which is waiting for other events as
well. I hate to write yet another thread that will poll and send the
event.</DIV>
<DIV><FONT size=2></FONT> </DIV></BLOCKQUOTE>
<DIV><FONT size=2>I assume by "pcap_read_next" you mean "pcap_next_ex". Right?
In any case, pcap_next_ex is *not* a polling function, unless you set the
timeout (in pcap_open_xxx) to a 0 timeout. It waits on the read event *and* for
a maximum timeout time. The only reason why you would use your custom wait code
obtaining the read event with pcap_getevent() and
WaitForSingleObject/WaitForMultipleObjects is if you want to capture from
multiple adapters on the same thread, or you want to wait to on multiple
different events (e.g. a packet arrives and another totally unrelated event). In
any other case I would stick with the pcap_next_ex function.</FONT></DIV>
<DIV><FONT size=2></FONT> </DIV>
<DIV><FONT size=2>Hope it helps</FONT></DIV>
<DIV><FONT size=2>GV</FONT></DIV>
<BLOCKQUOTE
style="PADDING-RIGHT: 0px; PADDING-LEFT: 5px; MARGIN-LEFT: 5px; BORDER-LEFT: #000000 2px solid; MARGIN-RIGHT: 0px">
<DIV><FONT size=2></FONT> </DIV>
<DIV><FONT size=2>Any help will be much appreciated.</FONT></DIV>
<DIV><FONT size=2></FONT> </DIV>
<DIV>Thanks</DIV>
<DIV><FONT size=2>Swami</DIV></FONT>
<DIV><FONT size=2></FONT> </DIV>
<DIV><FONT size=2></FONT> </DIV><FONT size=2></FONT><BR><BR>
<DIV>
<DIV>Swaminathan Gurumoorthy</DIV>
<DIV>1775 Milmont Dr, Apt S101</DIV>
<DIV>Milpitas CA 95035</DIV></DIV>
<P>Choose the right car based on your needs. Check out Yahoo! Autos new Car
Finder tool.
http://us.rd.yahoo.com/evt=48518/*http://autos.yahoo.com/carfinder/;_ylc=X3oDMTE3NWsyMDd2BF9TAzk3MTA3MDc2BHNlYwNtYWlsdGFncwRzbGsDY2FyLWZpbmRlcg--
hot CTA = Yahoo! Autos new Car Finder tool
<P>
<HR>
<P></P>_______________________________________________<BR>Winpcap-users
mailing
list<BR>Winpcap-users@winpcap.org<BR>https://www.winpcap.org/mailman/listinfo/winpcap-users<BR></BLOCKQUOTE></BODY></HTML>