[Winpcap-users] problem using winpcap 3.1 with windows service

Bryan Kadzban bryan at kadzban.is-a-geek.net
Fri Sep 9 16:48:16 GMT 2005 

On Fri, Sep 09, 2005 at 04:16:43AM -0700, Gianluca Varenni wrote:
> Replies quoted with --GV--
> 
> Have a nice day
> GV
> 
> 
> ----- Original Message ----- 
> From: "Bryan Kadzban" <bryan at kadzban.is-a-geek.net>
> To: <winpcap-users at winpcap.org>
> Sent: Wednesday, September 07, 2005 3:18 PM
> Subject: Re: [Winpcap-users] problem using winpcap 3.1 with windows service
> 
> Michael Ryan wrote:
> >
> >I have a service that uses winpcap. The service is set to start
> >automatically.
> 
> Have you tried to set the start type on the "NetGroup Packet Filter"
> driver to "automatic" or "system"?
> 
> --GV-- 
> This is not needed: the netgroup packet filter (NPF) is started on request 
> by packet.dll using OpenService/StartService.
> --GV--
> 

Yes, but on machine startup, it takes forever to start a service unless
you're the OS.

If you call OpenService/StartService, it will eventually succeed, but it
usually takes upwards of 30 seconds (regardless of the service involved;
this is just overhead waiting for the service control manager).  In the
meantime, since Michael's service hasn't called
StartServiceCtrlDispatcher (because packet.dll and/or wanpacket.dll are
still executing their DllMain/PROCESS_ATTACH notifications; nothing in
Michael's main() function has yet executed), the SCM says "well, this
service is taking too long to start", logs a message to that effect, and
kills the service's process.

> WinPcap's DLLs
> start NM for sure; I think they also start NPF but I'm not positive on
> that.
> 
> --GV--
> WinPcap starts NPF automatically, but not NM (it should be started 
> automatically by the MS NetMon COM component).

Right, that's what I meant; I should have been more specific.
packet.dll loads wanpacket.dll (through an explicit dependency), which
loads the Netmon DLL (using LoadLibrary; I don't think this is correct,
but it usually works, so good enough), which starts the service.

> It seems that the NetMon 
> driver (NM) has some bug (or similar) that causes it to take a *long* time 
> to load, causing all these problems. However, I'm still investigating the 
> problem.
> --GV--

Is this always the case?  I would think that it would only take a long
time to load if it's being loaded during system startup (in effect,
outside the SCM's service startup order, which is what causes it to take
a long time -- the StartService call is likely waiting to lock some
internal SCM structure or something).

In short: I think the problem could be mitigated if Michael's service
explicitly depends on the drivers that are required (npf and nm),
so that the SCM starts them first, rather than trying to load them as
needed.  Setting those drivers to "system" or "boot" is an alternative
way to get them to start first, but a dependency is probably a better
solution.

This is not what's needed (or even necessarily wanted) for most programs
that use WinPcap, but for services that load at startup, it definitely
is.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://www.winpcap.org/pipermail/winpcap-users/attachments/20050909/645f4514/attachment.pgp

More information about the Winpcap-users mailing list