<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=Content-Type content="text/html; charset=iso-8859-1">
<META content="MSHTML 6.00.6000.16825" name=GENERATOR>
<STYLE></STYLE>
</HEAD>
<BODY bgColor=#ffffff>
<DIV><FONT size=2></FONT> </DIV>
<BLOCKQUOTE
style="PADDING-RIGHT: 0px; PADDING-LEFT: 5px; MARGIN-LEFT: 5px; BORDER-LEFT: #000000 2px solid; MARGIN-RIGHT: 0px">
<DIV style="FONT: 10pt arial">----- Original Message ----- </DIV>
<DIV
style="BACKGROUND: #e4e4e4; FONT: 10pt arial; font-color: black"><B>From:</B>
<A title=locationdev@gmail.com href="mailto:locationdev@gmail.com">John
Wang</A> </DIV>
<DIV style="FONT: 10pt arial"><B>To:</B> <A title=winpcap-users@winpcap.org
href="mailto:winpcap-users@winpcap.org">winpcap-users@winpcap.org</A> </DIV>
<DIV style="FONT: 10pt arial"><B>Cc:</B> <A title=tien-fu.lu@adelaide.edu.au
href="mailto:tien-fu.lu@adelaide.edu.au">tien-fu.lu@adelaide.edu.au</A> </DIV>
<DIV style="FONT: 10pt arial"><B>Sent:</B> Tuesday, May 05, 2009 12:19
AM</DIV>
<DIV style="FONT: 10pt arial"><B>Subject:</B> Re: [Winpcap-users] Where does
the Winpcap timestamp comefrom?andothers</DIV>
<DIV><BR></DIV>Hi,<BR><BR>
<DIV class=gmail_quote>2009/5/5 Gianluca Varenni <SPAN dir=ltr><<A
href="mailto:gianluca.varenni@cacetech.com">gianluca.varenni@cacetech.com</A>></SPAN><BR>
<BLOCKQUOTE class=gmail_quote
style="PADDING-LEFT: 1ex; MARGIN: 0pt 0pt 0pt 0.8ex; BORDER-LEFT: rgb(204,204,204) 1px solid">
<DIV bgcolor="#ffffff">
<DIV><FONT size=2></FONT> </DIV>
<BLOCKQUOTE
style="PADDING-RIGHT: 0px; PADDING-LEFT: 5px; MARGIN-LEFT: 5px; BORDER-LEFT: rgb(0,0,0) 2px solid; MARGIN-RIGHT: 0px">
<DIV class=im>
<DIV
style="FONT: 10pt arial; font-size-adjust: none; font-stretch: normal">-----
Original Message ----- </DIV>
<DIV
style="BACKGROUND: rgb(228,228,228); FONT: 10pt arial; font-size-adjust: none; font-stretch: normal; -moz-background-clip: -moz-initial; -moz-background-origin: -moz-initial; -moz-background-inline-policy: -moz-initial"><B>From:</B>
<A title=locationdev@gmail.com href="mailto:locationdev@gmail.com"
target=_blank>John Wang</A> </DIV>
<DIV
style="FONT: 10pt arial; font-size-adjust: none; font-stretch: normal"><B>To:</B>
<A title=winpcap-users@winpcap.org href="mailto:winpcap-users@winpcap.org"
target=_blank>winpcap-users@winpcap.org</A> </DIV></DIV>
<DIV class=im>
<DIV
style="FONT: 10pt arial; font-size-adjust: none; font-stretch: normal"><B>Sent:</B>
Saturday, May 02, 2009 8:45 PM</DIV>
<DIV
style="FONT: 10pt arial; font-size-adjust: none; font-stretch: normal"><B>Subject:</B>
Re: [Winpcap-users] Where does the Winpcap timestamp come
from?andothers</DIV>
<DIV><BR></DIV>Hi ,<BR><BR><BR>
<DIV class=gmail_quote>
<BLOCKQUOTE class=gmail_quote
style="PADDING-LEFT: 1ex; MARGIN: 0pt 0pt 0pt 0.8ex; BORDER-LEFT: rgb(204,204,204) 1px solid">
<DIV bgcolor="#ffffff">
<DIV><FONT size=2></FONT>
<DIV>>>2. Which function in the NPF or Packet.dll can be used as a
trigger to request CPU timer, like queryperformancecounter (), to
>>timestamp the arrival packet to obatin higher
precision?</DIV></DIV>
<DIV><FONT size=2></FONT> </DIV>
<DIV><FONT size=2>>>--GV--</FONT></DIV>
<DIV><FONT size=2>>>There is no way to obtain higher precision
than we are currently using in WinPcap, apart from using custom hardware
that >>timestamps the packets in the hardware
itself.</FONT></DIV><FONT size=2></FONT>
<DIV><FONT size=2>>>--GV--</FONT></DIV></DIV></BLOCKQUOTE><FONT
size=2></FONT>
<DIV><BR><SPAN
style="COLOR: rgb(51,51,255); BACKGROUND-COLOR: rgb(255,255,255)">Is there
any possible to know that which function inside WinPcap is used to
timestamp the packets?</SPAN><BR></DIV></DIV></DIV></BLOCKQUOTE>
<DIV><FONT size=2>The functions used to timestamp packets are in the driver
code, in the file time_calls.h. Packets are timestamped in function
"NPF_Tap", look for "GET_TIME"</FONT></DIV>
<DIV class=im>
<BLOCKQUOTE
style="PADDING-RIGHT: 0px; PADDING-LEFT: 5px; MARGIN-LEFT: 5px; BORDER-LEFT: rgb(0,0,0) 2px solid; MARGIN-RIGHT: 0px"><FONT
size=2></FONT>
<DIV class=gmail_quote><FONT size=2></FONT><BR><BR></DIV>
<BLOCKQUOTE class=gmail_quote
style="PADDING-LEFT: 1ex; MARGIN: 0pt 0pt 0pt 0.8ex; BORDER-LEFT: rgb(204,204,204) 1px solid">
<DIV bgcolor="#ffffff">
<DIV>
<DIV><BR>>>4. Can I reduce the size of the user buffer inside the
NPF to set it small enough to triger the CPU timer to timestamp when
>>every packet is arrival?<BR></DIV></DIV>
<DIV><FONT size=2>>>-GV--</FONT></DIV>
<DIV><FONT size=2>>>Timestamps are generated before the packet is
stored in the buffers. So changing the buffer size doesn't
help.</FONT></DIV>
<DIV><FONT size=2>>>--GV--</FONT></DIV>
<DIV>
<DIV><FONT size=2></FONT> </DIV></DIV></DIV></BLOCKQUOTE>
<DIV class=gmail_quote><SPAN
style="COLOR: rgb(51,51,255); BACKGROUND-COLOR: rgb(255,255,255)">Because
I try to timestamp the arrival packets again by using my timing functions,
I'm looking for a trigger. As I know, the frequency of NPF copying the
arrival packets from kernel space to user space depends on the size of
user buffer. If I can set the size of user buffer as same as the size of
one arrival packet, then, the NPF would copy every single packet from
kernel space to user space</SPAN><BR style="COLOR: rgb(51,51,255)"><SPAN
style="COLOR: rgb(51,51,255)">once the packet arrives. And I can use this
operation as a trigger to timestamp the arrival packet again with my
timing functions, am I right?</SPAN><BR
style="BACKGROUND-COLOR: rgb(51,204,255)"></DIV><FONT
size=2></FONT></BLOCKQUOTE></DIV>
<DIV><FONT size=2>You don't want to do that. Unless you want to kill your
application performance. What exactly are you trying to achieve with your
timing functions vs. the timestamps generated by WinPcap?</FONT></DIV>
<DIV><FONT size=2></FONT> </DIV><FONT
color=#888888></FONT></DIV></BLOCKQUOTE>
<DIV><BR><FONT color=#3333ff>I'm trying to record the packets arrival
timestamp in nanosecond precision. Then I will compare the arrival timestamp
with a microsecond precision transmitting timesamp from the transmitter to
explore the performance of wireless network. If my method can't work, do you
have any suggestion how can I get the nanosecond packets arrival timestamp
from the wireless adapter or Winpcap?<BR></FONT></DIV><FONT
color=#3333ff></FONT></DIV></BLOCKQUOTE>
<DIV class=gmail_quote><FONT color=#3333ff><FONT color=#000000 size=2></FONT>
<DIV><FONT color=#000000 size=2></FONT> </DIV>
<DIV><FONT color=#000000 size=2></FONT> </DIV>
<DIV><FONT color=#000000 size=2></FONT> </DIV>
<DIV><FONT color=#000000 size=2>There is no way you can get nanosecond precision
timestamps in software. Windows, like Linux, is not a real-time OS, so it
doesn't give you any guarantee of when an operation will end, and this includes
timestamping packets.</FONT></DIV>
<DIV><FONT color=#000000 size=2></FONT> </DIV>
<DIV><FONT color=#000000 size=2> The only way to obtain that is to have
some device that timestamps packets in hardware. And even in that case,
most of the times the timestamps have microsecond precision (this is what we
have with the AirPcap adapters in hardware).</FONT><BR></DIV>
<DIV><FONT color=#000000 size=2>GV</FONT></DIV>
<DIV><FONT color=#000000 size=2></FONT> </DIV>
<DIV><FONT color=#000000 size=2></FONT> </DIV>
<DIV><FONT color=#000000 size=2></FONT></FONT> </DIV></DIV></BODY></HTML>