WinPKFilter Data Usage

Home Forums Discussions Support Portal WinPKFilter Data Usage

This topic contains 3 replies, has 2 voices, and was last updated by  nat32support 3 years, 6 months ago.

Viewing 4 posts - 1 through 4 (of 4 total)
  • Author
    Posts
  • #5400

    siddappa
    Participant

    Hi,

    If there any way to track Download/upload Data in bytes for individual MAC address using Winpkfilter? If yes how should i proceed with implementation? Please share some pointers,so that i can dig further.

    Regards,
    Siddappa

    #7160

    nat32support
    Participant

    @siddappa wrote:

    If there any way to track Download/upload Data in bytes for individual MAC address using Winpkfilter? If yes how should i proceed with implementation? Please share some pointers,so that i can dig further.

    The filter mechanism can be used, because it records the number of packets and the number of bytes received for each match. So if you define individual filters for each MAC address of interest, you can then obtain those values by calling the GetPacketFilterTable function.

    #7161

    siddappa
    Participant

    is there any limit for setting number of filters?? Also would it hit the performance if more and more filters gets added?

    #7162

    nat32support
    Participant

    @siddappa wrote:

    is there any limit for setting number of filters?? Also would it hit the performance if more and more filters gets added?


    struct _STATIC_FILTER_TABLE{
    unsigned long m_TableSize;
    STATIC_FILTER m_StaticFilters[ANY_SIZE];
    }

    Regarding performance:
    I’m assuming the driver searches filter table sequentially each time a packet is received. If so, the average search time will of course increase as the table becomes larger. You will just have to test this on your hardware to see how your software performs.

    Note that if you were to pass each packet to your application and do the filtering there, performance will be very much worse, even if you use hashing to perform the filtering. The reason for this is that the kernel-user-kernel transitions are expensive. Tests I’ve done here with my software definitely confirm this.

Viewing 4 posts - 1 through 4 (of 4 total)

You must be logged in to reply to this topic.