NtKernel filter best performance for reinjecting traffic

Home Forums Discussions Support NtKernel filter best performance for reinjecting traffic

Viewing 3 posts - 1 through 3 (of 3 total)
  • Author
    Posts
  • #5396
    gmt
    Participant

      Hi,

      We are using the filter in a product and investigating now what is the best way to use the driver for re injecting packets (after processing).

      Initially we used the read method that only read a packet at a time. I saw that there is a way to read multiple packets at a time (I think that should help). If I’m not wrong there there is also a way to re inject multiple packets at a time. That would pose some difficulties though because we are processing packets in different threads (same connection packets are on the same thread always though) and I’m not sure what would be the best approach for this with nt kernel. Are there certain requirements for re injection, or some recommended usage ?

      Any thoughts ?
      Thanks for any ideas,
      -Ghita

      #7153
      Vadim Smirnov
      Keymaster

        ReadPackets/SendPacketsToXXX were added to reduce number of user/kernel context switches and thus increase the performance.

        The easiest approach would be processing packets one by one in one thread, however, if you use multiply threads for and still want to take an advantage of SendPacketsToXXX API calls I would keep an internal queue of packets for each network interface which are ready to send to driver (actually two queues, one for outgoing and one for incoming packets). Queue should be sent to driver on one of two events:
        1) Queue size reached its “immediate sent” size
        2) Timeout occurs

        Size and timeout should be dynamic parameters adjusted depending on the amount of packets you get from the driver. E.g. the faster you read packets from the driver the less the timeout.

        #7154
        gmt
        Participant

          Thanks for your thoughts SerpentFly.

        Viewing 3 posts - 1 through 3 (of 3 total)
        • You must be logged in to reply to this topic.