[Winpcap-users] Winpcap-users Digest, Vol 72, Issue 8
Fish" (David B. Trout
fish at infidels.org
Thu Mar 17 19:18:05 PDT 2011
Does the following help any?
BIOCSRTIMEOUT: IOCTL code: set the read timeout.
This command sets the maximum timeout after which a read is released, also
if no data packets were received. IMPORTANT NOTE: the value '0' (zero) means
INFINITE, whereas the value '-1' (minus 1) means "immediate" (i.e. no
timeout). This is the complete opposite of WIN32
WaitForSingle/MultipleObjects.
BIOCSMINTOCOPY: IOCTL code: set minimum amount of data in the kernel buffer
that unlocks a read call.
This command sets the OPEN_INSTANCE::MinToCopy member.
BIOCSETEVENTHANDLE: This IOCTL passes the read event HANDLE allocated by the
user (packet.dll) to kernel level.
Parameter: HANDLE Parameter size: sizeof(HANDLE). If the caller is 32 bit,
the parameter size is 4 bytes, even if sizeof(HANDLE) at kernel level is 8
bytes. That's why in this IOCTL code handler we detect a 32bit calling
process and do the necessary thunking.
Sample PSEUDO code:
hShutdownEvent = CreateEvent(NULL,TRUE,FALSE,NULL);
hPacketsEvent = CreateEvent(NULL,TRUE,FALSE,NULL);
DeviceIoControl( pcap, BIOCSETEVENTHANDLE, hPacketsEvent... );
DWORD dwMinBytes = 0; // (max responsiveness)
DeviceIoControl( pcap, BIOCSMINTOCOPY, dwMinBytes ...);
DWORD dwTimeout = -1; // (max responsiveness)
DeviceIoControl( pcap, BIOCSRTIMEOUT, dwTimeout ...);
do
{
DWORD dwBytesRead = 0;
while((dwBytesRead = ReadWinPCap()) > 0)
ProcessPackets();
WaitForMultipleEvents( hShutdownEvent, hPacketsEvent, INFINITE );
ResetEvent( hPacketsEvent );
}
while (WaitForSingleEvent( hShutdownEvent, 0 ) != WAIT_OBJECT_0);
Note: the above is for illustrative purposes only. you should use the
official packet.dll functions and not call the driver directly.
--
"Fish" (David B. Trout)
fish at softdevlabs.com
More information about the Winpcap-users
mailing list