<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML xmlns="http://www.w3.org/TR/REC-html40" xmlns:v =
"urn:schemas-microsoft-com:vml" xmlns:o =
"urn:schemas-microsoft-com:office:office" xmlns:w =
"urn:schemas-microsoft-com:office:word" xmlns:st1 =
"urn:schemas-microsoft-com:office:smarttags"><HEAD>
<META http-equiv=Content-Type content="text/html; charset=iso-8859-1">
<META content="MSHTML 6.00.6000.16825" name=GENERATOR><!--[if !mso]>
<STYLE>v\:* {
BEHAVIOR: url(#default#VML)
}
o\:* {
BEHAVIOR: url(#default#VML)
}
w\:* {
BEHAVIOR: url(#default#VML)
}
.shape {
BEHAVIOR: url(#default#VML)
}
</STYLE>
<![endif]--><o:SmartTagType name="country-region"
namespaceuri="urn:schemas-microsoft-com:office:smarttags"></o:SmartTagType><o:SmartTagType
name="PostalCode"
namespaceuri="urn:schemas-microsoft-com:office:smarttags"></o:SmartTagType><o:SmartTagType
name="State"
namespaceuri="urn:schemas-microsoft-com:office:smarttags"></o:SmartTagType><o:SmartTagType
name="City"
namespaceuri="urn:schemas-microsoft-com:office:smarttags"></o:SmartTagType><o:SmartTagType
name="place"
namespaceuri="urn:schemas-microsoft-com:office:smarttags"></o:SmartTagType><o:SmartTagType
name="Street"
namespaceuri="urn:schemas-microsoft-com:office:smarttags"></o:SmartTagType><o:SmartTagType
name="address"
namespaceuri="urn:schemas-microsoft-com:office:smarttags"></o:SmartTagType><o:SmartTagType
name="PersonName"
namespaceuri="urn:schemas-microsoft-com:office:smarttags"></o:SmartTagType><!--[if !mso]>
<STYLE>
st1\:*{behavior:url(#default#ieooui) }
</STYLE>
<![endif]-->
<STYLE>
<!--
/* Font Definitions */
@font-face
{font-family:PMingLiU;
panose-1:2 1 6 1 0 1 1 1 1 1;}
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;}
@font-face
{font-family:"\@PMingLiU";
panose-1:0 0 0 0 0 0 0 0 0 0;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:PMingLiU;}
a:link, span.MsoHyperlink
{color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{color:purple;
text-decoration:underline;}
span.EmailStyle17
{mso-style-type:personal-reply;
font-family:Arial;
color:navy;}
@page Section1
{size:8.5in 11.0in;
margin:1.0in 1.25in 1.0in 1.25in;}
div.Section1
{page:Section1;}
-->
</STYLE>
<!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]--></HEAD>
<BODY lang=EN-US vLink=purple link=blue bgColor=white>
<DIV><FONT size=2>Sorry for jumping in this conversation late.</FONT></DIV>
<DIV><FONT size=2></FONT> </DIV>
<DIV><FONT size=2>Please be aware that WinPcap does *not* overwrite older
packets with new ones. If the kernel buffer (or the user buffer) is full, newer
packets are simply dropped.</FONT></DIV>
<DIV><FONT size=2></FONT> </DIV>
<DIV><FONT size=2>Have a nice day</FONT></DIV>
<DIV><FONT size=2>GV</FONT></DIV>
<BLOCKQUOTE
style="PADDING-RIGHT: 0px; PADDING-LEFT: 5px; MARGIN-LEFT: 5px; BORDER-LEFT: #000000 2px solid; MARGIN-RIGHT: 0px">
<DIV style="FONT: 10pt arial">----- Original Message ----- </DIV>
<DIV
style="BACKGROUND: #e4e4e4; FONT: 10pt arial; font-color: black"><B>From:</B>
<A title=a.weiner@valid8.com href="mailto:a.weiner@valid8.com">Alan Jay
Weiner</A> </DIV>
<DIV style="FONT: 10pt arial"><B>To:</B> <A title=winpcap-users@winpcap.org
href="mailto:winpcap-users@winpcap.org">winpcap-users@winpcap.org</A> </DIV>
<DIV style="FONT: 10pt arial"><B>Sent:</B> Tuesday, May 26, 2009 9:27 AM</DIV>
<DIV style="FONT: 10pt arial"><B>Subject:</B> Re: [Winpcap-users] How can
igetthenew-estpacketfrombuffer?HELPPLEASE~!</DIV>
<DIV><BR></DIV>
<DIV class=Section1>
<P class=MsoNormal><FONT face=Arial color=navy size=2><SPAN
style="FONT-SIZE: 10pt; COLOR: navy; FONT-FAMILY: Arial">I presume the packets
contain some kind of status conditions and you’re doing something based on the
latest status.<o:p></o:p></SPAN></FONT></P>
<P class=MsoNormal><FONT face=Arial color=navy size=2><SPAN
style="FONT-SIZE: 10pt; COLOR: navy; FONT-FAMILY: Arial"><o:p> </o:p></SPAN></FONT></P>
<P class=MsoNormal><FONT face=Arial color=navy size=2><SPAN
style="FONT-SIZE: 10pt; COLOR: navy; FONT-FAMILY: Arial">What about using
small buffers? The older data is overwritten by newer data - if the
buffer is only large enough for 1 or 2 packets, you’ll get the 1 or 2
most-recent packets. All the other packets will be lost, but that seems
ok in your situation.<o:p></o:p></SPAN></FONT></P>
<P class=MsoNormal><FONT face=Arial color=navy size=2><SPAN
style="FONT-SIZE: 10pt; COLOR: navy; FONT-FAMILY: Arial"><o:p> </o:p></SPAN></FONT></P>
<P class=MsoNormal><FONT face=Arial color=navy size=2><SPAN
style="FONT-SIZE: 10pt; COLOR: navy; FONT-FAMILY: Arial">How many of the
most-recent packets do you need? Is it sufficient to have only the
most-recent packet?<o:p></o:p></SPAN></FONT></P>
<P class=MsoNormal><FONT face=Arial color=navy size=2><SPAN
style="FONT-SIZE: 10pt; COLOR: navy; FONT-FAMILY: Arial"><o:p> </o:p></SPAN></FONT></P>
<P class=MsoNormal><FONT face=Arial color=navy size=2><SPAN
style="FONT-SIZE: 10pt; COLOR: navy; FONT-FAMILY: Arial"><o:p> </o:p></SPAN></FONT></P>
<P class=MsoNormal><FONT face=Arial color=navy size=2><SPAN
style="FONT-SIZE: 10pt; COLOR: navy; FONT-FAMILY: Arial">- Al Weiner
-<o:p></o:p></SPAN></FONT></P>
<P class=MsoNormal><FONT face=Arial color=navy size=2><SPAN
style="FONT-SIZE: 10pt; COLOR: navy; FONT-FAMILY: Arial"><o:p> </o:p></SPAN></FONT></P>
<DIV>
<P class=MsoNormal><FONT face="Times New Roman" color=navy size=3><SPAN
style="FONT-SIZE: 12pt; COLOR: navy; FONT-FAMILY: 'Times New Roman'"> </SPAN></FONT><FONT
color=navy><SPAN style="COLOR: navy"><o:p></o:p></SPAN></FONT></P>
<P class=MsoNormal><FONT face=Arial color=navy size=2><SPAN
style="FONT-SIZE: 10pt; COLOR: navy; FONT-FAMILY: Arial">----------------------------------------------------------------------------<BR>Alan
Jay Weiner / Valid8.com, Inc. - Conform, Perform & Excel(tm)<BR>500 W
Cummings Park, <st1:address w:st="on"><st1:Street w:st="on">Suite
#</st1:Street>2700</st1:address>, <st1:place w:st="on"><st1:City
w:st="on">Woburn</st1:City>, <st1:State w:st="on">MA</st1:State>
<st1:PostalCode w:st="on">01801</st1:PostalCode>, <st1:country-region
w:st="on">USA</st1:country-region></st1:place><BR><A
href="mailto:a.weiner@valid8.com">a.weiner@valid8.com</A> /
Tel:+1-781-938-1221 x112, Fax +1-781-207-0550<BR><A
href="http://www.VALID8.com">http://www.VALID8.com</A> </SPAN></FONT><FONT
color=navy><SPAN style="COLOR: navy"><o:p></o:p></SPAN></FONT></P>
<P class=MsoNormal><FONT face="Times New Roman" color=navy size=3><SPAN
style="FONT-SIZE: 12pt; COLOR: navy; FONT-FAMILY: 'Times New Roman'"> </SPAN></FONT><o:p></o:p></P></DIV>
<DIV>
<DIV class=MsoNormal style="TEXT-ALIGN: center" align=center><FONT
face=PMingLiU size=3><SPAN style="FONT-SIZE: 12pt">
<HR tabIndex=-1 align=center width="100%" SIZE=2>
</SPAN></FONT></DIV>
<P class=MsoNormal><B><FONT face=Tahoma size=2><SPAN
style="FONT-WEIGHT: bold; FONT-SIZE: 10pt; FONT-FAMILY: Tahoma">From:</SPAN></FONT></B><FONT
face=Tahoma size=2><SPAN style="FONT-SIZE: 10pt; FONT-FAMILY: Tahoma">
winpcap-users-bounces@winpcap.org [mailto:winpcap-users-bounces@winpcap.org]
<B><SPAN style="FONT-WEIGHT: bold">On Behalf Of </SPAN></B>rst<BR><B><SPAN
style="FONT-WEIGHT: bold">Sent:</SPAN></B> Tuesday, May 26, 2009 5:19
AM<BR><B><SPAN style="FONT-WEIGHT: bold">To:</SPAN></B> <st1:PersonName
w:st="on">winpcap-users@winpcap.org</st1:PersonName><BR><B><SPAN
style="FONT-WEIGHT: bold">Subject:</SPAN></B> Re: [Winpcap-users] How can i
getthenew-estpacketfrombuffer?HELPPLEASE~!</SPAN></FONT><o:p></o:p></P></DIV>
<P class=MsoNormal><FONT face=PMingLiU size=3><SPAN
style="FONT-SIZE: 12pt"><o:p> </o:p></SPAN></FONT></P>
<DIV>
<P class=MsoNormal><FONT face=PMingLiU size=2><SPAN
style="FONT-SIZE: 10pt">The machine always sending packets , never
stop.</SPAN></FONT><o:p></o:p></P></DIV>
<DIV>
<P class=MsoNormal><FONT face=PMingLiU size=2><SPAN
style="FONT-SIZE: 10pt">and my computer only connected with the machine (using
a crossover network cable).</SPAN></FONT><o:p></o:p></P></DIV>
<DIV>
<P class=MsoNormal><FONT face=PMingLiU size=2><SPAN style="FONT-SIZE: 10pt">so
every packets I get</SPAN></FONT><FONT face="Times New Roman" size=2><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: 'Times New Roman'"> </SPAN></FONT><FONT
size=2><SPAN style="FONT-SIZE: 10pt">are what I wanted, but only the newest
packet I need.</SPAN></FONT><o:p></o:p></P></DIV>
<DIV>
<P class=MsoNormal><FONT face="Times New Roman" size=3><SPAN
style="FONT-SIZE: 12pt; FONT-FAMILY: 'Times New Roman'"> </SPAN></FONT><o:p></o:p></P></DIV>
<DIV>
<P class=MsoNormal><FONT face=PMingLiU size=2><SPAN
style="FONT-SIZE: 10pt">Machine ----(Sending packets)---> My
Computer</SPAN></FONT><FONT face="Times New Roman" size=2><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: 'Times New Roman'"> </SPAN></FONT><FONT
size=2><SPAN style="FONT-SIZE: 10pt"> .........................every 0.000005
second</SPAN></FONT><o:p></o:p></P></DIV>
<DIV>
<P class=MsoNormal><FONT face="Times New Roman" size=3><SPAN
style="FONT-SIZE: 12pt; FONT-FAMILY: 'Times New Roman'"> </SPAN></FONT><o:p></o:p></P></DIV>
<DIV>
<P class=MsoNormal><FONT face=PMingLiU size=2><SPAN style="FONT-SIZE: 10pt">My
Application ----(Get the newest packet)---> Get information to do
control...................every 0.0001
second</SPAN></FONT><o:p></o:p></P></DIV>
<DIV>
<P class=MsoNormal><FONT face="Times New Roman" size=3><SPAN
style="FONT-SIZE: 12pt; FONT-FAMILY: 'Times New Roman'"> </SPAN></FONT><o:p></o:p></P></DIV>
<DIV>
<P class=MsoNormal><FONT face=PMingLiU size=2><SPAN style="FONT-SIZE: 10pt">if
the buffer can contrain 10000 packets,</SPAN></FONT><o:p></o:p></P></DIV>
<DIV>
<P class=MsoNormal><FONT face=PMingLiU size=2><SPAN
style="FONT-SIZE: 10pt">0.000005 * 10000 = 0.05
second,</SPAN></FONT><o:p></o:p></P></DIV>
<DIV>
<P class=MsoNormal><FONT face=PMingLiU size=2><SPAN style="FONT-SIZE: 10pt">so
I can only get the information before 0.05
second,</SPAN></FONT><o:p></o:p></P></DIV>
<DIV>
<P class=MsoNormal><FONT face=PMingLiU size=2><SPAN
style="FONT-SIZE: 10pt">but in my realtime control, i must get the information
less than 0.0001 second.</SPAN></FONT><o:p></o:p></P></DIV>
<DIV>
<P class=MsoNormal><FONT face="Times New Roman" size=3><SPAN
style="FONT-SIZE: 12pt; FONT-FAMILY: 'Times New Roman'"> </SPAN></FONT><o:p></o:p></P></DIV>
<DIV>
<P class=MsoNormal><FONT face=PMingLiU size=2><SPAN style="FONT-SIZE: 10pt">so
have any ideas?</SPAN></FONT><o:p></o:p></P></DIV>
<DIV>
<P class=MsoNormal><FONT face="Times New Roman" size=3><SPAN
style="FONT-SIZE: 12pt; FONT-FAMILY: 'Times New Roman'"> </SPAN></FONT><o:p></o:p></P></DIV>
<DIV>
<P class=MsoNormal><FONT face=PMingLiU size=2><SPAN
style="FONT-SIZE: 10pt">Really thank you!!</SPAN></FONT><o:p></o:p></P></DIV>
<DIV>
<P class=MsoNormal><FONT face="Times New Roman" size=3><SPAN
style="FONT-SIZE: 12pt; FONT-FAMILY: 'Times New Roman'"> </SPAN></FONT><o:p></o:p></P></DIV>
<BLOCKQUOTE
style="BORDER-RIGHT: medium none; PADDING-RIGHT: 0in; BORDER-TOP: medium none; PADDING-LEFT: 4pt; PADDING-BOTTOM: 0in; MARGIN: 5pt 0in 5pt 3.75pt; BORDER-LEFT: black 1.5pt solid; PADDING-TOP: 0in; BORDER-BOTTOM: medium none">
<DIV>
<P class=MsoNormal><FONT face=Arial size=2><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: Arial">If the other machine is sending
a constant 200,000 packets per second and won't slow down, you may be out of
luck. However, if the other machine sends 200,000 packet per second
for a short burst (say 10 seconds), then you should be able to store those
2M packets into your own memory space. After you store the packets,
you can do your analysis.</SPAN></FONT><o:p></o:p></P></DIV>
<DIV>
<P class=MsoNormal><FONT face="Times New Roman" size=3><SPAN
style="FONT-SIZE: 12pt; FONT-FAMILY: 'Times New Roman'"> </SPAN></FONT><o:p></o:p></P></DIV>
<DIV>
<P class=MsoNormal><FONT face=Arial size=2><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: Arial">For a quick test, just change
your control loop to do...</SPAN></FONT><o:p></o:p></P></DIV>
<DIV>
<P class=MsoNormal><FONT face="Times New Roman" size=3><SPAN
style="FONT-SIZE: 12pt; FONT-FAMILY: 'Times New Roman'"> </SPAN></FONT><o:p></o:p></P></DIV>
<DIV>
<P class=MsoNormal><FONT face=Arial size=2><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: Arial">static int
counter;</SPAN></FONT><o:p></o:p></P></DIV>
<DIV>
<P class=MsoNormal><FONT face="Times New Roman" size=3><SPAN
style="FONT-SIZE: 12pt; FONT-FAMILY: 'Times New Roman'"> </SPAN></FONT><o:p></o:p></P></DIV>
<DIV>
<P class=MsoNormal><FONT face=Arial size=2><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: Arial">pcap_next_ex(...);</SPAN></FONT><o:p></o:p></P></DIV>
<DIV>
<P class=MsoNormal><FONT face=Arial size=2><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: Arial">counter++;</SPAN></FONT><o:p></o:p></P></DIV>
<DIV>
<P class=MsoNormal><FONT face="Times New Roman" size=3><SPAN
style="FONT-SIZE: 12pt; FONT-FAMILY: 'Times New Roman'"> </SPAN></FONT><o:p></o:p></P></DIV>
<DIV>
<P class=MsoNormal><FONT face=Arial size=2><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: Arial">That is, don't do anything with
the packet (other than advance the buffer and count how many you
receive). This will tell you how fast your machine can move
through the buffer.</SPAN></FONT><o:p></o:p></P></DIV>
<DIV>
<P class=MsoNormal><FONT face="Times New Roman" size=3><SPAN
style="FONT-SIZE: 12pt; FONT-FAMILY: 'Times New Roman'"> </SPAN></FONT><o:p></o:p></P></DIV>
<DIV>
<P class=MsoNormal><FONT face=Arial size=2><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: Arial">If this works well, then you
need to do a memcpy() of the packet into pre-allocated space (i.e. malloc
your own circular queue). This will slow down the loop, but should be
much faster than 0.1ms.</SPAN></FONT><o:p></o:p></P></DIV>
<DIV>
<P class=MsoNormal><FONT face="Times New Roman" size=3><SPAN
style="FONT-SIZE: 12pt; FONT-FAMILY: 'Times New Roman'"> </SPAN></FONT><o:p></o:p></P></DIV>
<DIV>
<P class=MsoNormal><FONT face=Arial size=2><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: Arial">Last question: Most packet
capturing applications need to decode EVERY packet, are you saying that you
do NOT need to decode every packet? If not, how do you know which
packets you need to decode and which ones you
don't?</SPAN></FONT><o:p></o:p></P></DIV>
<DIV>
<P class=MsoNormal><FONT face="Times New Roman" size=3><SPAN
style="FONT-SIZE: 12pt; FONT-FAMILY: 'Times New Roman'"> </SPAN></FONT><o:p></o:p></P></DIV>
<DIV>
<P class=MsoNormal><FONT face=Arial size=2><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: Arial">DC</SPAN></FONT><o:p></o:p></P></DIV></BLOCKQUOTE></DIV>
<P>
<HR>
<P></P>_______________________________________________<BR>Winpcap-users
mailing
list<BR>Winpcap-users@winpcap.org<BR>https://www.winpcap.org/mailman/listinfo/winpcap-users<BR></BLOCKQUOTE></BODY></HTML>