Wireshark-dev: Re: [Wireshark-dev] [Winpcap-users] RE: ring buffer
Date Index · Thread Index · Other Months · All Mailing Lists
Date Prev · Date Next · Thread Prev · Thread Next
From: "Gianluca Varenni" <gianluca.varenni@xxxxxxxxxxxx>
Date: Fri, 9 May 2008 10:20:52 -0700
First of all, I wouldn't play with thread priorities unless absolutely needed. Second, are you using two threads just because you expect to have better performance using them? If so, I would just try to remove them and use one single thread to dump to disk, and see what happens. The perf gain that you might achieve using two threads might be completely lost by the fact that you need to copy packets and you have synchronization to manage the shared queue. 

Have a nice day
GV
----- Original Message ----- From: "Maria de Fatima Requena" <MariaF.Requena@xxxxxx> To: "Developer support list for Wireshark" <wireshark-dev@xxxxxxxxxxxxx>; <winpcap-users@xxxxxxxxxxx> 
Sent: Thursday, May 08, 2008 11:22 PM
Subject: RE: [Wireshark-dev] [Winpcap-users] RE: ring buffer
I have thought about synchronization issues, but all what I have done is give highest priority to 'producer' and defect one for 'consumer'. I think that the worst it can happen like this is leading consumer to starvation, but I also think that this is not happening right now because of CPU scheduling.
On the other hand, I can't take out load from the producer without passing copied packets. Thus, is there any solution to my problem? Wireshark works fine, so there must be a way, isn't there? 


María de Fátima Requena Cabot (2488)
+34 91 787 23 00 alhambra-eidos.es


-----Mensaje original-----
De: wireshark-dev-bounces@xxxxxxxxxxxxx [mailto:wireshark-dev-bounces@xxxxxxxxxxxxx] En nombre de Gianluca Varenni 
Enviado el: viernes, 09 de mayo de 2008 2:03
Para: winpcap-users@xxxxxxxxxxx; Developer support list for Wireshark
CC: winpcap-users@xxxxxxxxxxx
Asunto: Re: [Wireshark-dev] [Winpcap-users] RE: ring buffer
----- Original Message ----- From: "Maria de Fatima Requena" <MariaF.Requena@xxxxxx> 
To: "Developer support list for Wireshark" <wireshark-dev@xxxxxxxxxxxxx>
Cc: <winpcap-users@xxxxxxxxxxx>
Sent: Tuesday, May 06, 2008 11:27 PM
Subject: [Winpcap-users] RE: [Wireshark-dev] ring buffer



We thought about that, so at packet handler method what I do is pushing
packets inside a global queue just to avoid interfering with packets
capture. A different thread is in charge of popping packets and manage
them. Both threads have same priority at the moment, I don't know if I
should change this somehow.
Well, if you are pushing packets in a queue, you are probably copying them, 
which introduced overhead. And since it's a queue shared by 2 thread, you
surely have some sort of synchronization, which can introduce some further
overhead.


I took a look at Wireshark source code, and the read timeout parameter in
pcap_open is set to 250 there (not 1000 like savedump example). According
to my problem, which choice is the best?


I think that wireshark sets it to 250 ms to have a faster refresh on the
screen. Putting a timeout of 250 vs 1000ms doesn't affect performance a lot 
in case of high traffic.

Have a nice day
GV



María de Fátima Requena Cabot (2488)
+34 91 787 23 00 alhambra-eidos.es



-----Mensaje original-----
De: wireshark-dev-bounces@xxxxxxxxxxxxx
[mailto:wireshark-dev-bounces@xxxxxxxxxxxxx] En nombre de Gianluca Varenni 
Enviado el: martes, 06 de mayo de 2008 17:58
Para: Developer support list for Wireshark
CC: winpcap-users@xxxxxxxxxxx
Asunto: Re: [Wireshark-dev] ring buffer

As you can see from the savedump source code, the code to dump packets is
minimal. And the sample uses the standard parameters to the pcap
functions.
I think your application drops packets because it's somewhat slow at
processing packets (if you are doing any processing). What are you doing
after you receive a packet?

Have a nice day
GV

PS: I CCed the winpcap-users mailing list, as your question is more
related
to that mailing list rather than wireshark-dev
----- Original Message ----- From: "Maria de Fatima Requena" <MariaF.Requena@xxxxxx> 
To: "Developer support list for Wireshark" <wireshark-dev@xxxxxxxxxxxxx>
Sent: Monday, May 05, 2008 11:38 PM
Subject: Re: [Wireshark-dev] ring buffer


Oh, thanks.

I have done two tests, and I think savedump doesnt miss any packets. What
can be the problem then? Maybe parameters in pcap functions or buffering?


María de Fátima Requena Cabot (2488)
+34 91 787 23 00 alhambra-eidos.es



-----Mensaje original-----
De: wireshark-dev-bounces@xxxxxxxxxxxxx
[mailto:wireshark-dev-bounces@xxxxxxxxxxxxx] En nombre de Gianluca Varenni 
Enviado el: lunes, 05 de mayo de 2008 18:17
Para: Developer support list for Wireshark
Asunto: Re: [Wireshark-dev] ring buffer

What do you mean by "quite unreadable"?

savedump creates a pcap-compatible file that can be opened with wireshark
(it's not a text file, it's pcap file i.e. binary).

Have a nice day
GV
----- Original Message ----- From: "Maria de Fatima Requena" <MariaF.Requena@xxxxxx> 
To: "Developer support list for Wireshark" <wireshark-dev@xxxxxxxxxxxxx>
Sent: Sunday, May 04, 2008 11:34 PM
Subject: Re: [Wireshark-dev] ring buffer


I have tried it and the content of the capture file (which I have given
the
name of 'dump.txt') is quite unreadable.


María de Fátima Requena Cabot (2488)
+34 91 787 23 00 alhambra-eidos.es


-----Mensaje original-----
De: wireshark-dev-bounces@xxxxxxxxxxxxx
[mailto:wireshark-dev-bounces@xxxxxxxxxxxxx] En nombre de Gianluca Varenni 
Enviado el: viernes, 02 de mayo de 2008 22:33
Para: Developer support list for Wireshark
Asunto: Re: [Wireshark-dev] ring buffer

Out of curiosity, does the sample in the WinPcap developer's pack named
wpdpack\Examples-pcap\savedump lose packets as well?

Have a nice day
GV
----- Original Message ----- From: "Maria de Fatima Requena" <MariaF.Requena@xxxxxx> 
To: "Developer support list for Wireshark" <wireshark-dev@xxxxxxxxxxxxx>
Sent: Friday, May 02, 2008 4:39 AM
Subject: [Wireshark-dev] ring buffer


Hi

I am implementing a packet sniffer with VS. I posted some time ago
problems
with losing packets, and someone here suggested me that it could be a
problem between disk access and NIC speed.

I have done some research, and it seems this doesn't happen to Wireshark
because of the use of a ring buffer. Can someone tell me which files
(apart
from ringbuffer.c) are involved in Wireshark avoiding packet loss? Can I
use
any configuration of Winpcap function parameters for losing less packets?

Thanks in advance


María de Fátima Requena Cabot (2488)
+34 91 787 23 00 alhambra-eidos.es


_______________________________________________
Wireshark-dev mailing list
Wireshark-dev@xxxxxxxxxxxxx
http://www.wireshark.org/mailman/listinfo/wireshark-dev

_______________________________________________
Wireshark-dev mailing list
Wireshark-dev@xxxxxxxxxxxxx
http://www.wireshark.org/mailman/listinfo/wireshark-dev
_______________________________________________
Wireshark-dev mailing list
Wireshark-dev@xxxxxxxxxxxxx
http://www.wireshark.org/mailman/listinfo/wireshark-dev

_______________________________________________
Wireshark-dev mailing list
Wireshark-dev@xxxxxxxxxxxxx
http://www.wireshark.org/mailman/listinfo/wireshark-dev
_______________________________________________
Wireshark-dev mailing list
Wireshark-dev@xxxxxxxxxxxxx
http://www.wireshark.org/mailman/listinfo/wireshark-dev

_______________________________________________
Wireshark-dev mailing list
Wireshark-dev@xxxxxxxxxxxxx
http://www.wireshark.org/mailman/listinfo/wireshark-dev

_______________________________________________
Winpcap-users mailing list
Winpcap-users@xxxxxxxxxxx
https://www.winpcap.org/mailman/listinfo/winpcap-users


_______________________________________________
Wireshark-dev mailing list
Wireshark-dev@xxxxxxxxxxxxx
http://www.wireshark.org/mailman/listinfo/wireshark-dev

_______________________________________________
Winpcap-users mailing list
Winpcap-users@xxxxxxxxxxx
https://www.winpcap.org/mailman/listinfo/winpcap-users