[Winpcap-users] How to ensure all packets are captured

[Denis Kourktchan]

Hi Everybody,

 

I am writing an application that is intercepting packets from a network and
after reading a whole lot of posts regarding lost messages I figured the
fault is usually in application taking too long to process a batch of
packets which causes the overfilled buffer to replace oldest messages. So I
decided that the following setup is the best possible way to ensure that my
messages are not lost.

 

1.       Put capture (using pcap_next_ex()) into a different thread then the
processing.

2.       Store packets immediately upon extraction into a custom written
linked list, adding to the end and processing from the front (in different
threads) ensuring no mutex controls are necessary and no idle time.

 

Now here is the problem for which I need your expert advice, since the
pcap_next_ex() returns pointers to data, I still need to extract them (I use
for loop) before I can store which still preoccupies the capture thread and
slows down extraction process. So is there a better way to extract packets
without this delay?

 

I would appreciate any and all advice regarding the optimal solution
architecture wise.

 

Regards,

 

-          Dennis 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.winpcap.org/pipermail/winpcap-users/attachments/20090809/d6028165/attachment.htm