[Winpcap-users] capturing traffic from multiple adapters and storage into a common storage.

[Oron Asaf]

I write a real time app that sniffs packets from multiple adapters and
stores them in a single queue for later processing. Following an example
in one of the archives I tried using WaitForMultipleObjects where I wait
on an array of event handles obtained for each adapter through
pcap_getevent. Whenever I get an event I start a loop of pcap_next_ex
which reads packets as long as this function returns status > zero.
Otherwise I quit the loop and return to wait on WaitForMultipleObjects .
I have encountered several issues:

 

1.	Regarding the read time out. What does its expiration mean? What
should I do if I receive it, exit the loop since no more packets were
read? Currently I use read timoeout = -1 to avoid return status zero in
pcap_next_ex. 
2.	When does wpcap generate an event? For each packet? Is it
related to the read timeout in any way? Can I control it?
3.	Before using events I tried to use the callback method and ran
into crashes. The callback used a semaphore to prevent simultaneous
writes into the packet queue generated by my program: sometimes the call
to the semaphore would crash. Is the wpcap callback called from within
an interrupt handler since this would explain such behavior? Does
anybody know of a way to work safely with callbacks for multiple
adapters which share common resources?

 

Thank you 

 

 

Asaf

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.winpcap.org/pipermail/winpcap-users/attachments/20070816/87ae39f9/attachment.htm