[Winpcap-users] NPF Device Driver
Gianluca Varenni
gianluca.varenni at cacetech.com
Mon Apr 13 11:22:05 PDT 2009
Answers inline, marked as "--GV--"
Have a nice day
GV
PS: please reply to the mailing list as well.
----- Original Message -----
From: Alessandro Capucci
To: Gianluca Varenni
Sent: Saturday, April 11, 2009 5:03 AM
Subject: Re: [Winpcap-users] NPF Device Driver
Tnk, I reply to you inline in this mail in RED.
Il giorno 10/apr/09, alle ore 21:12, Gianluca Varenni ha scritto:
----- Original Message -----
From: Alessandro Capucci
To: winpcap-users at winpcap.org
Sent: Friday, April 10, 2009 3:18 AM
Subject: [Winpcap-users] NPF Device Driver
Hello to every body,
I'm new in WinPCap library... I'm study it for an interesting new project...
10GBit deep packet inspection. I'm try to connect directly with WinPCap NPF
driver for best performance. All work fine on my 1GBit adapter! Next week
I'll hope to star test with 10GBit adapter.
By "connecting directly to the WinPcap Driver" you mean calling the Packet
API directly?
-> YES, I'm connecting directly to NPF driver via Packet32.c interface (I
haven't use Packet.dll). I'm using Vista, but next week I'll try Windows
Server 2008 to take advantage of NDIS 6.2 and RSS.
--GV--
I wouldn't actually do that. Unless you modify npf.sys to become an NDIS 6
protocol driver, npf.sys is an NDIS 5 driver. On Vista/2008 NDIS5 is
"emulated" on top of NDIS6 with an adaptation shim. So you might actually
incur into a perf hit.
--GV--
I've some question:
0) Do you think that NPF driver with a good hardware can be able to capture
10GBit ethernet packet without sensible packet lost ?
No, I don't think so. Capturing at 10Gbps, expecially in the worst case i.e.
64byte packets, it's an extremely challenging task. Even custom capture
cards (which cost thousands of dollars) have a very hard time dealing with
such an amount of packets.
-> Tnk, i'll try benchmark WinPCap NPF Driver with generalpurpose ethernet
adapter like PCI-Express Intel® 10 Gigabit XF SR Server Adapters (with RSS
enabled) VERSUS an specialized card like DAG by Endace.
1) Packet.dll functions are callable in multithread applications ? For
example can I call PacketReceivePacket or PacketGetStats in two different
concurent thread on the same device ? Are serialized ?
In general the functions are not thread safe when working on the same
LPADAPTER structure.
->Ok tnk, I'll put it in critical section.
--GV--
If performance is your main objective, then putting a critical section might
again hurt performance. I would be careful with that.
--GV--
2) WinPCap NPF drive is able to take advantage of RSS (Receive Side Scaling)
availble in Win2008 server
(http://msdn.microsoft.com/en-us/library/ms795609.aspx)?
No.
ANOTHER QUESTION:
Next week I'll try to introduce another value in the information callback,
not only Packet Received and Packet Dropped but percentage of use of the
kernel circular buffer for CPU. I think that this value could be usefull to
tuning Kernel side buffer size.
Do you think that could be usefull to introduce in your public distribution?
--GV--
How would you use it?
GV
--GV--
Have a nice day
GV
Tnk you very much!
Alessandro
_______________________________________________
Winpcap-users mailing list
Winpcap-users at winpcap.org
https://www.winpcap.org/mailman/listinfo/winpcap-users
More information about the Winpcap-users
mailing list