[Winpcap-users] Winpcap-users Digest, Vol 72, Issue 8

Gianluca Varenni Gianluca.Varenni at riverbed.com
Wed Mar 23 17:41:26 PDT 2011


Using the direct IOCTLs will not help at all:
1. BIOCSRTIMEOUT is no longer used (as the timeout is implemented in user mode)
2. Using BIOCSMINTOCOPY is equivalent to calling PacketSetMinToCopy
3. BIOCSETEVENTHANDLE should not be used directly (the other Packet APIs might stop working properly).
4. If I remember well, he was having problems when capturing from PPP. PPP interfaces are not managed by the NPF driver, they are managed by Netmon (and we use the Netmon API to control that).
5. IOCTLs are completely unsupported and can change from version to version of WinPcap.

Have a nice day
GV

-----Original Message-----
From: winpcap-users-bounces at winpcap.org [mailto:winpcap-users-bounces at winpcap.org] On Behalf Of "Fish" (David B. Trout)
Sent: Thursday, March 17, 2011 7:18 PM
To: winpcap-users at winpcap.org
Subject: Re: [Winpcap-users] Winpcap-users Digest, Vol 72, Issue 8

Does the following help any?


BIOCSRTIMEOUT: IOCTL code: set the read timeout.

  This command sets the maximum timeout after which a read is released, also if no data packets were received. IMPORTANT NOTE: the value '0' (zero) means INFINITE, whereas the value '-1' (minus 1) means "immediate" (i.e. no timeout). This is the complete opposite of WIN32 WaitForSingle/MultipleObjects.


BIOCSMINTOCOPY: IOCTL code: set minimum amount of data in the kernel buffer that unlocks a read call.

  This command sets the OPEN_INSTANCE::MinToCopy member.


BIOCSETEVENTHANDLE: This IOCTL passes the read event HANDLE allocated by the user (packet.dll) to kernel level.

  Parameter: HANDLE Parameter size: sizeof(HANDLE). If the caller is 32 bit, the parameter size is 4 bytes, even if sizeof(HANDLE) at kernel level is 8 bytes. That's why in this IOCTL code handler we detect a 32bit calling process and do the necessary thunking.



Sample PSEUDO code:

  hShutdownEvent = CreateEvent(NULL,TRUE,FALSE,NULL);

  hPacketsEvent = CreateEvent(NULL,TRUE,FALSE,NULL);
  DeviceIoControl( pcap, BIOCSETEVENTHANDLE, hPacketsEvent... );

  DWORD dwMinBytes = 0; // (max responsiveness)
  DeviceIoControl( pcap, BIOCSMINTOCOPY, dwMinBytes ...);

  DWORD dwTimeout = -1; // (max responsiveness)
  DeviceIoControl( pcap, BIOCSRTIMEOUT, dwTimeout ...);

  do
  {
    DWORD dwBytesRead = 0;
    while((dwBytesRead = ReadWinPCap()) > 0)
      ProcessPackets();
    WaitForMultipleEvents( hShutdownEvent, hPacketsEvent, INFINITE );
    ResetEvent( hPacketsEvent );
  }
  while (WaitForSingleEvent( hShutdownEvent, 0 ) != WAIT_OBJECT_0);



Note: the above is for illustrative purposes only. You should use the official packet.dll functions and not call the driver directly.


--
"Fish" (David B. Trout)
 fish at softdevlabs.com
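
Added example (not part of the original thread, and not WinPcap or packet.dll code): a small portable C model of how the minimum-to-copy threshold and the read timeout described above decide when a read is released, including the 0 = infinite / -1 = immediate convention and its mapping to the Win32 wait convention. The names model_read and to_win32_wait, the sample arrivals, and the rule that an empty buffer never satisfies the threshold are assumptions made for the illustration.

```c
#include <stdio.h>

#define WIN32_INFINITE 0xFFFFFFFFUL   /* value of INFINITE in the Win32 headers */

/* Constructed sample input: packet arrivals, in ms after the read was issued. */
struct arrival { long t_ms; unsigned bytes; };
struct read_result { long released_ms; unsigned bytes; int still_blocked; };

/* Map the read-timeout convention quoted in the post (0 = infinite,
 * -1 = immediate) onto the Win32 wait convention (INFINITE, 0 = immediate). */
unsigned long to_win32_wait(long npf_timeout_ms)
{
    if (npf_timeout_ms == 0)  return WIN32_INFINITE;
    if (npf_timeout_ms == -1) return 0;
    return (unsigned long)npf_timeout_ms;
}

/* Model of one read (hypothetical helper): it is released when the buffer
 * holds at least min_to_copy bytes and is not empty, or when the timeout
 * expires, whichever comes first. */
struct read_result model_read(const struct arrival *a, int n,
                              unsigned min_to_copy, long npf_timeout_ms)
{
    struct read_result r = {0, 0, 0};
    int infinite = (npf_timeout_ms == 0);
    long deadline = (npf_timeout_ms == -1) ? 0 : npf_timeout_ms;
    int i;

    for (i = 0; i < n; i++) {
        if (!infinite && a[i].t_ms > deadline)
            break;                          /* timeout fires before this packet */
        r.bytes += a[i].bytes;
        if (r.bytes > 0 && r.bytes >= min_to_copy) {
            r.released_ms = a[i].t_ms;      /* threshold reached: read unlocks */
            return r;
        }
    }
    if (infinite) r.still_blocked = 1;      /* threshold never reached, no timeout */
    else          r.released_ms = deadline; /* timeout releases a partial or empty read */
    return r;
}

static const struct arrival sample[] = { {5, 60}, {12, 1500}, {40, 400} };

int main(void)
{
    struct read_result r = model_read(sample, 3, 2000, 20);
    printf("released at %ld ms with %u bytes\n", r.released_ms, r.bytes);
    return 0;
}
```

With a threshold of 0 the read is released by the first packet; with a large threshold the timeout decides, and a timeout of 0 can leave the read blocked indefinitely.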
