Ethereal-users: [Ethereal-users] RE: [WinPcap-users] Announce: WinPcap MP Support

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: "Fulvio Risso" <fulvio.risso@xxxxxxxxx>
Date: Tue, 28 Jan 2003 10:51:39 +0100

Dear all,

the WinPcap team is not willing to lose its time with disputes. However, a
lot of false information is circulating on the mailing lists. So, we are
forced to point out a couple of things.

For those who are interested in using WinPcap, we would like to say that:
- the proposed patch is nonsense and it does not solve anything
- we're going to release a version of WinPcap with SMP support in a couple
of weeks (thanks to a company that donated us an SMP machine)

For those who are interested just in using WinPcap, you can stop reading here.

For those who are interested in technical stuff, here is why the patch
proposed by the ntop guys does not work.

The proposed patch basically modifies the 'packet.c' file in two points:
- it removes the block that says "if your machine has more than one CPU,
then stop"
- it uses a macro (whose definition cannot be found anywhere) during filter
initialization.

However, 'packet.c' is user-level code, which is part of the DLL. With
SMP, the problems are in the kernel portion of the driver, the .SYS file.

The biggest problem is that two tap() can be executed on two CPUs at the
same time. Both are going to insert data into the same buffer, updating the
same pointers. Both buffers and pointers are not protected (i.e. locked)
right now and are still unprotected in the patched version of WinPcap
proposed by the ntop guys.

A second problem comes out when the user changes the filter at run-time.
Here we have more than one CPU, so we cannot say "ok, the tap() is not
working when we're changing the filter, because we have only one CPU". So,
again, we have to protect the change by means of appropriate locks.

A third problem is the timestamp management. If a first tap is called with
packet A, and a second tap is called with packet B, there is no guarantee
that the first tap will finish first. It follows that out of order packets
can appear, maybe because the second tap is faster than the second. Please
note that the timestamp is assigned by the npf.sys driver, so what happens
before calling the methods defined in it is completely out of our control.

All these problems require modifications to the 'read.c' file, which
contains the code of the tap() and related stuff, not 'packet.c'.


We cannot go into too many details, since you (reader) are probably not
interested in WinPcap internals.
However, we would like to point out that SMP is not easy stuff and that
you cannot say "now it works on SMP" just by disabling the initial block we
placed some time ago, when we recognized the existence of such problems.
It works, yes, but are the results correct?

End of the technical discussion.

Just a note on the http://www.ntop.org/winpcap.html page: it's true that the
ntop guys offered us access to their SMP machine (on Jan 17, 2003).
However, is there anyone that develops kernel drivers on a remote machine?
What happens when a BSOD occurs (quite often, during kernel development)? Do
we have to take the phone every half an hour (or less) to say "please reboot
the machine"? And what happens if the machine doesn't reboot because an
error in the driver (maybe during startup) blocks everything forever?
Please, be serious.

Thanks everyone for the patience in reading this long mail,

	the WinPcap team.


> -----Original Message-----
> From: Luca Deri [mailto:deri@xxxxxxxx]
> Sent: Friday, January 24, 2003 09:50
> To: winpcap-users@xxxxxxxxxxxxxxxxx; ntop
> Cc: mikem@xxxxxxxxx; ethereal-users@xxxxxxxxxxxx;
> snortadmin@xxxxxxxxxxxxxx; Mike Schwarz
> Subject: [WinPcap-users] Announce: WinPcap MP Support
>
>
> Dear all,
> we (Michel Montague and me) have just released a patch for running
> Winpcap 3.X on multiprocessor (MP) machines. This patch allows users to
> run winpcap-based applications such as ntop, nProbe, Ethereal and snort
> on MP machines under Windows.
>
> For more information about this topic please visit
> http://www.ntop.org/winpcap.html. We have tested the patch on Win2K.
> Please report us about other Windows versions.
>
> Have a lot of fun, Luca & Michel
>
> --
> Luca Deri <deri@xxxxxxxx>	http://luca.ntop.org/
> Hacker: someone who loves to program and enjoys being
> clever about it - Richard Stallman
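
The first problem described in the message above (two tap() calls on different CPUs updating the same buffer and pointers without a lock), replayed as a deterministic single-threaded model. This is an added example, not WinPcap or ntop code; `capbuf`, `tap_begin`, `tap_finish` and `run` are hypothetical names and the packets are constructed.

```c
#include <stdio.h>
#include <string.h>

/* Constructed model of one capture buffer shared by all CPUs (not WinPcap code). */
struct capbuf { char data[64]; size_t head; int locked; };
struct tap { size_t slot; };   /* per-CPU state of a tap that is in progress */

/* Step 1: choose the write position. With use_lock, fail while the lock is held. */
static int tap_begin(struct capbuf *b, struct tap *t, int use_lock) {
    if (use_lock) {
        if (b->locked) return 0;   /* a real driver would spin here */
        b->locked = 1;
    }
    t->slot = b->head;             /* read the shared write pointer */
    return 1;
}

/* Step 2: copy the packet, publish the new write pointer, release the lock. */
static void tap_finish(struct capbuf *b, struct tap *t, const char *pkt, int use_lock) {
    size_t n = strlen(pkt);
    memcpy(b->data + t->slot, pkt, n);
    b->head = t->slot + n;         /* update the shared write pointer */
    if (use_lock) b->locked = 0;
}

/* Replay: CPU1 enters tap() while CPU0 is between step 1 and step 2.
   Copies the buffer contents to out and returns the number of bytes stored. */
static size_t run(int use_lock, char *out) {
    struct capbuf b = {{0}, 0, 0};
    struct tap cpu0 = {0}, cpu1 = {0};
    tap_begin(&b, &cpu0, use_lock);
    int entered = tap_begin(&b, &cpu1, use_lock);   /* concurrent entry on CPU1 */
    tap_finish(&b, &cpu0, "AAAA", use_lock);
    if (!entered) tap_begin(&b, &cpu1, use_lock);   /* lock is free, CPU1 proceeds */
    tap_finish(&b, &cpu1, "BBBB", use_lock);
    memcpy(out, b.data, b.head);
    out[b.head] = '\0';
    return b.head;
}

int main(void) {
    char out[65];
    size_t n = run(0, out);
    printf("unlocked: %zu bytes \"%s\"\n", n, out);   /* packet A is overwritten */
    n = run(1, out);
    printf("locked:   %zu bytes \"%s\"\n", n, out);   /* both packets are stored */
    return 0;
}
```

In the unlocked replay both taps read the same write position, so the second copy overwrites the first and the pointer advances by only one packet.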