[Winpcap-users] Capturing from a 'tap' type device using 2 network
cards - and how to order the packets
Michael Shiels
MaSSoft at massoftware.com
Wed May 28 14:06:02 GMT 2008
This problem has had a couple attempts and each has failed to get the
packets ALWAYS into the proper order.
It seems some packets hang around for many seconds somewhere in the pcap
world, but I can't say for sure.
The code is doing everything I could find for high speed/high volume
capturing.
Specifically
Timeout of '1' on pcap_open, with flags PCAP_OPENFLAG_PROMISCUOUS
Pcap_setbuff( 5*1024*1024 )
Pcap_setmintocopy(0)
We then have a loop of code that gets the pcap events and does a wait with 1
second timeout, then polls both pcap handles till we find no data ON BOTH
HANDLES. That should retrieve all packets is my understanding. We then
delay the packets in some queues for a period of time, that should allow all
'hardware/software' buffers to empty I expected. Then the packets are
merged by timestamp.
BUT under load it seems that we still some packets stuck somewhere, for
multiple seconds. WE started by waiting for packets to be older than 5
seconds to merge, and it had problems. Bumping the process to wait for 30
seconds before merging packets, seems to work, but it's a supreme
hack/probably not something 100% reliable.
ANY IDEAS?? HELP!!!!!!
More information about the Winpcap-users
mailing list