[Winpcap-users] EXT : WinPCAP Packet ordering
Black, Michael (IS)
Michael.Black2 at ngc.com
Fri Feb 25 05:04:59 PST 2011
I've been trying to tell you that UDP does NOT guarantee ordering. And guess what you found...it's out of order.
It also doesn't guarantee delivery. Your lucky you're not dropping packets...if you overrun the IP queue you would be dropping them. You shouldb be using TCP. Or...you need a sequence number in the packet so you can reassemble the order yourself.
That's why its nickname is "Unreliable Datagram Protocol".
You're probably seeing multi-core processing of packets...so it can pick them out of order since it doesn't violate the protocol.
Michael D. Black
NG Information Systems
Advanced Analytics Directorate
From: winpcap-users-bounces at winpcap.org [winpcap-users-bounces at winpcap.org] on behalf of neil.powell neil.powell [neil.powell at HERRHAIR.COM]
Sent: Friday, February 25, 2011 2:44 AM
To: winpcap-users at winpcap.org
Cc: neil.powell neil.powell
Subject: EXT :[Winpcap-users] WinPCAP Packet ordering
I would like to ask a question to the mailing list; I apologise if this has been
answered before I did search the archive but didn't see anything relating to my
Firstly let me explain what I am trying to achieve...
I am writing a Windows application that is targeting Windows 7 64bit
multiprocessor machines. The basic idea is as follows.... I have a piece of
hardware (FPGA based) that is delivering layer II packets over a Gbit network;
each packet is NO more than 1500 bytes. The data rate pushed out of the FPGA is
typically 50Mbytes per sec or lower.
The purpose of the Windows application is the capture each packet off the
network, do some quick data integrity checks on the payload and dump it to disk
ASAP. The FPGA has a 12bit packet counter (0-4095); this count is placed inside
our bespoke payload so that the data can be reconstituted on the PC. During the
data integrity checks I check the packet count to ensure the packets are in
order before I begin reconstituting the data; I also sanity check the timestamp
of each packet to make sure it too is increasing.
Here is my question/problem.....
On multicore 64 bit machines (with a 64 bit OS) can the packets come out of
My justification for the question is as follows. During debug of the windows
application I report the timestamp and pkt number of each packet. Whilst it
appears that I do not drop packets I do see packets numbers come out of order.
Here is a debug trace.
Timestamp Pkt #
15:38:40:415428 Found Packet: 2236 Expecting Packet: 2228
15:38:40:415433 Found Packet: 2228 Expecting Packet: 2240
15:38:40:415453 Found Packet: 2240 Expecting Packet: 2236
If you follow the trace you can see that I don't drop packets but they are
indeed out of order.
I must stress that this situation is NOT frequent but is exacerbated by high
data rates or heavy disk usage.
I have spent some time eliminating all the obvious… debug output buffering,
FPGA output and disk writes all of which have drawn a blank.
I am using WinPCAP in the following manner:
snaplen = 1500;
read_timeout = 0;
Thank you in advance
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Winpcap-users