[Winpcap-users] Re: Where does pcap capturing time come from?
Loris Degioanni
loris.degioanni at cacetech.com
Wed Aug 30 15:03:50 GMT 2006
Look at the NPF_tap function, and time_calls.h file in the WinPcap
driver sources.
Loris
Isara Anantavrasilp wrote:
> I would like to know one more thing,
> after Pcap got the tick counts from KeQueryPerformanceCounter, how
> does it convert to "current time"?
>
> I need to implement exactly like it to make my comparison make sense.
>
> -- Isara
>
> On 8/29/06, Isara Anantavrasilp <isara.a at gmail.com> wrote:
>> Thanks a lot!
>> This is exactly what I want to know: the clock.
>> It is pointless measuring the time from two different sources.
>> Now, I know which clock I should look at.
>>
>> Thanks again!
>> Isara
>>
>> On 8/29/06, Loris Degioanni <loris.degioanni at cacetech.com> wrote:
>> > Use QueryPerformanceCounter() from your application.
>> > On most (if not all) modern Windows kernels, QueryPerformanceCounter
>> > (and its kernel counterpart KeQueryPerformanceCounter)are essentially a
>> > call to the rdtsc x86 function, which returns the internal CPU clock
>> > counter.
>> >
>> > QueryPerformanceCounter is safe (and very precise) to use on single
>> > processor machines (even hyperthreaded or multicore), where you're
>> > accessing the same counter that the WinPcap driver uses to timestamp
>> the
>> > packets.
>> > On SMP systems, the situation is a bit more complicated: you might be
>> > reading the timestamp of a different CPU that the driver used, and the
>> > clocks of the two CPUs might be drifting. Again, modern kernel
>> > implementations try to take care of the drifts and should guarantee a
>> > reasonable precision, but you'll have to try and see what you get.
>> >
>> > Loris
>> >
>> >
>> >
>> > Isara Anantavrasilp wrote:
>> > > According to this:
>> > >
>> http://www.mail-archive.com/winpcap-users@winpcap.polito.it/msg02514.html
>> > >
>> > > I learned that pcap called KeQueryPerformanceCounter() to get clock
>> > > ticks since the system starts.
>> > > To me, that ticks is more useful than timeval.
>> > > How can I access the raw cpu time?
>> > >
>> > > -- Isara
>> > >
>> > > On 8/28/06, Isara Anantavrasilp <isara.a at gmail.com> wrote:
>> > >> Hi,
>> > >>
>> > >> There are two questions regarding the topic.
>> > >> 1) Winpcap gets you the capturing time in pcap_pkthdr. I would
>> like to
>> > >> know what is the timestamp exactly?
>> > >> Is it the time when the packet pass through the network interface?
>> > >> And if so, it is in which network layer?
>> > >> As pcap can capture ethernet header, I believe this time is the time
>> > >> where outgoing packet is about to enter physical layer and incoming
>> > >> packets is about to enter from the physical layer.
>> > >>
>> > >>
>> > >> 2) I ran across this gettimeofday code:
>> > >> http://www.usenet.com/newsgroups/comp.ai.neural-nets/msg01068.html
>> > >> Is it the same algorithm as the way pcap got its timestamp?
>> > >>
>> > >> Thanks a lot!
>> > >> Isara Anantavrasilp
>> > >>
>> > > _______________________________________________
>> > > Winpcap-users mailing list
>> > > Winpcap-users at winpcap.org
>> > > https://www.winpcap.org/mailman/listinfo/winpcap-users
>> > >
>> > _______________________________________________
>> > Winpcap-users mailing list
>> > Winpcap-users at winpcap.org
>> > https://www.winpcap.org/mailman/listinfo/winpcap-users
>> >
>>
> _______________________________________________
> Winpcap-users mailing list
> Winpcap-users at winpcap.org
> https://www.winpcap.org/mailman/listinfo/winpcap-users
>
More information about the Winpcap-users
mailing list