<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=Content-Type content="text/html; charset=iso-8859-1">
<META content="MSHTML 6.00.6000.16825" name=GENERATOR>
<STYLE></STYLE>
</HEAD>
<BODY bgColor=#ffffff>
<DIV><FONT size=2></FONT> </DIV>
<BLOCKQUOTE
style="PADDING-RIGHT: 0px; PADDING-LEFT: 5px; MARGIN-LEFT: 5px; BORDER-LEFT: #000000 2px solid; MARGIN-RIGHT: 0px">
<DIV style="FONT: 10pt arial">----- Original Message ----- </DIV>
<DIV
style="BACKGROUND: #e4e4e4; FONT: 10pt arial; font-color: black"><B>From:</B>
<A title=locationdev@gmail.com href="mailto:locationdev@gmail.com">John
Wang</A> </DIV>
<DIV style="FONT: 10pt arial"><B>To:</B> <A title=winpcap-users@winpcap.org
href="mailto:winpcap-users@winpcap.org">winpcap-users@winpcap.org</A> </DIV>
<DIV style="FONT: 10pt arial"><B>Sent:</B> Saturday, May 02, 2009 8:45
PM</DIV>
<DIV style="FONT: 10pt arial"><B>Subject:</B> Re: [Winpcap-users] Where does
the Winpcap timestamp come from?andothers</DIV>
<DIV><BR></DIV>Hi ,<BR><BR><BR>
<DIV class=gmail_quote>
<BLOCKQUOTE class=gmail_quote
style="PADDING-LEFT: 1ex; MARGIN: 0pt 0pt 0pt 0.8ex; BORDER-LEFT: rgb(204,204,204) 1px solid">
<DIV bgcolor="#ffffff">
<DIV><FONT size=2></FONT>
<DIV class=im>>>2. Which function in the NPF or Packet.dll can be used
as a trigger to request CPU timer, like queryperformancecounter (), to
>>timestamp the arrival packet to obatin higher precision?</DIV></DIV>
<DIV><FONT size=2></FONT> </DIV>
<DIV><FONT size=2>>>--GV--</FONT></DIV>
<DIV><FONT size=2>>>There is no way to obtain higher precision than we
are currently using in WinPcap, apart from using custom hardware that
>>timestamps the packets in the hardware itself.</FONT></DIV><FONT
size=2></FONT>
<DIV><FONT size=2>>>--GV--</FONT></DIV></DIV></BLOCKQUOTE><FONT
size=2></FONT>
<DIV><BR><SPAN
style="COLOR: rgb(51,51,255); BACKGROUND-COLOR: rgb(255,255,255)">Is there any
possible to know that which function inside WinPcap is used to timestamp the
packets?</SPAN><BR></DIV></DIV></BLOCKQUOTE>
<DIV><FONT size=2>The functions used to timestamp packets are in the driver
code, in the file time_calls.h. Packets are timestamped in function "NPF_Tap",
look for "GET_TIME"</FONT></DIV>
<BLOCKQUOTE
style="PADDING-RIGHT: 0px; PADDING-LEFT: 5px; MARGIN-LEFT: 5px; BORDER-LEFT: #000000 2px solid; MARGIN-RIGHT: 0px"><FONT
size=2></FONT>
<DIV class=gmail_quote><FONT size=2></FONT><BR><BR></DIV>
<BLOCKQUOTE class=gmail_quote
style="PADDING-LEFT: 1ex; MARGIN: 0pt 0pt 0pt 0.8ex; BORDER-LEFT: rgb(204,204,204) 1px solid">
<DIV bgcolor="#ffffff">
<DIV>
<DIV class=im><BR>>>4. Can I reduce the size of the user buffer inside
the NPF to set it small enough to triger the CPU timer to timestamp when
>>every packet is arrival?<BR></DIV></DIV>
<DIV><FONT size=2>>>-GV--</FONT></DIV>
<DIV><FONT size=2>>>Timestamps are generated before the packet is
stored in the buffers. So changing the buffer size doesn't
help.</FONT></DIV>
<DIV><FONT size=2>>>--GV--</FONT></DIV>
<DIV class=im>
<DIV><FONT size=2></FONT> </DIV></DIV></DIV></BLOCKQUOTE>
<DIV class=gmail_quote><SPAN
style="COLOR: rgb(51,51,255); BACKGROUND-COLOR: rgb(255,255,255)">Because I
try to timestamp the arrival packets again by using my timing functions, I'm
looking for a trigger. As I know, the frequency of NPF copying the arrival
packets from kernel space to user space depends on the size of user buffer. If
I can set the size of user buffer as same as the size of one arrival packet,
then, the NPF would copy every single packet from kernel space to user
space</SPAN><BR style="COLOR: rgb(51,51,255)"><SPAN
style="COLOR: rgb(51,51,255)">once the packet arrives. And I can use this
operation as a trigger to timestamp the arrival packet again with my timing
functions, am I right?</SPAN><BR
style="BACKGROUND-COLOR: rgb(51,204,255)"></DIV><FONT
size=2></FONT></BLOCKQUOTE>
<DIV><FONT size=2>You don't want to do that. Unless you want to kill your
application performance. What exactly are you trying to achieve with your timing
functions vs. the timestamps generated by WinPcap?</FONT></DIV>
<DIV><FONT size=2></FONT> </DIV>
<DIV><FONT size=2>GV</FONT></DIV>
<BLOCKQUOTE
style="PADDING-RIGHT: 0px; PADDING-LEFT: 5px; MARGIN-LEFT: 5px; BORDER-LEFT: #000000 2px solid; MARGIN-RIGHT: 0px">
<DIV><FONT size=2></FONT> </DIV>
<DIV class=gmail_quote><BR>Cheers<BR><BR>John<BR></DIV>
<P>
<HR>
<P></P>_______________________________________________<BR>Winpcap-users
mailing
list<BR>Winpcap-users@winpcap.org<BR>https://www.winpcap.org/mailman/listinfo/winpcap-users<BR></BLOCKQUOTE></BODY></HTML>