WinPKFilter Data Usage

  • #5400
    siddappa
    Participant

      Hi,

      Is there any way to track download/upload data in bytes for individual MAC addresses using Winpkfilter? If yes, how should I proceed with the implementation? Please share some pointers, so that I can dig further.

      Regards,
      Siddappa

      #7160
      nat32support
      Participant

        @siddappa wrote:

        Is there any way to track download/upload data in bytes for individual MAC addresses using Winpkfilter? If yes, how should I proceed with the implementation? Please share some pointers, so that I can dig further.

        The filter mechanism can be used, because it records the number of packets and the number of bytes received for each match. So if you define individual filters for each MAC address of interest, you can then obtain those values by calling the GetPacketFilterTable function.

        #7161
        siddappa
        Participant

          Is there any limit for setting the number of filters? Also, would it hit the performance if more and more filters get added?

          #7162
          nat32support
          Participant

            @siddappa wrote:

            Is there any limit for setting the number of filters? Also, would it hit the performance if more and more filters get added?


            struct _STATIC_FILTER_TABLE {
                unsigned long m_TableSize;                /* number of STATIC_FILTER entries */
                STATIC_FILTER m_StaticFilters[ANY_SIZE];  /* the filter entries themselves */
            };

            Regarding performance:
            I’m assuming the driver searches the filter table sequentially each time a packet is received. If so, the average search time will of course increase as the table becomes larger. You will just have to test this on your hardware to see how your software performs.

            Note that if you were to pass each packet to your application and do the filtering there, performance will be very much worse, even if you use hashing to perform the filtering. The reason for this is that the kernel-user-kernel transitions are expensive. Tests I’ve done here with my software definitely confirm this.
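
The per-filter accounting described in the replies above, modelled as an added example (not code from the thread or from WinpkFilter): one table entry per MAC address, searched sequentially for every frame, as the last reply assumes the driver does. The types and function names are hypothetical and do not reproduce the STATIC_FILTER layout or any WinpkFilter call.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical model types; NOT WinpkFilter's STATIC_FILTER layout. */
typedef struct {
    uint8_t  mac[6];                 /* station being accounted */
    uint64_t pkts_up, bytes_up;      /* frames whose source MAC matches */
    uint64_t pkts_down, bytes_down;  /* frames whose destination MAC matches */
} mac_counter;

typedef struct {
    size_t      count;
    mac_counter entries[8];
} mac_table;

/* Add a MAC with zeroed counters; returns its index, or -1 if the table is full. */
int mac_table_add(mac_table *t, const uint8_t mac[6]) {
    if (t->count >= sizeof t->entries / sizeof t->entries[0]) return -1;
    memset(&t->entries[t->count], 0, sizeof t->entries[0]);
    memcpy(t->entries[t->count].mac, mac, 6);
    return (int)t->count++;
}

/* Account one Ethernet frame with a sequential walk, so cost grows with the
   table size. Returns the number of counters updated, or -1 for a runt frame. */
int mac_table_account(mac_table *t, const uint8_t *frame, size_t len) {
    if (len < 14) return -1;         /* shorter than an Ethernet header */
    const uint8_t *dst = frame, *src = frame + 6;
    int hits = 0;
    for (size_t i = 0; i < t->count; i++) {
        mac_counter *e = &t->entries[i];
        if (memcmp(e->mac, src, 6) == 0) { e->pkts_up++;   e->bytes_up   += len; hits++; }
        if (memcmp(e->mac, dst, 6) == 0) { e->pkts_down++; e->bytes_down += len; hits++; }
    }
    return hits;
}

int main(void) {
    /* Constructed sample: one tracked station, one frame in each direction. */
    const uint8_t sta[6] = {0x02, 0, 0, 0, 0, 0x01}, gw[6] = {0x02, 0, 0, 0, 0, 0xfe};
    uint8_t up[64] = {0}, down[64] = {0};
    memcpy(up, gw, 6);    memcpy(up + 6, sta, 6);    /* station -> gateway */
    memcpy(down, sta, 6); memcpy(down + 6, gw, 6);   /* gateway -> station */
    mac_table t = {0};
    mac_table_add(&t, sta);
    mac_table_account(&t, up, sizeof up);
    mac_table_account(&t, down, sizeof down);
    printf("up=%llu down=%llu\n", (unsigned long long)t.entries[0].bytes_up,
           (unsigned long long)t.entries[0].bytes_down);
    return 0;
}
```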
