Update: Winpcap support on Multiprocessor (MP) Machines

In early February Fulvio Risso (one of the core WinPcap developers) called me and promised me to release MP support in a couple of weeks. On 10/02/2003, the Winpcap group has announced native MP support. This was the ultimate goal we wanted to reach when we released the MP patch. We would like to thank Fulvio and his folks for their work!

Below you can find the original page about the MP patch we provided.

Winpcap support on Multiprocessor (MP) Machines

ntop and many other applications such as ethereal and snort, rely on a packet capture library named libpcap (where pcap stands for packet capture). Libpcap does not run on windows. A windows port of libpcap, developed and maintained by the Politecnico di Torino, is named winpcap. Winpcap runs beautifully on single processor machines but it does not start on MP machines. The developers claim that they do not support MP in wincap as they have no access to a MP machine.

Please note that libpcap on Unix system is already multiprocessor aware.

In the past I have proposed them to access via Windows Terminal Services a MP machine I have on the Internet for testing so that they can do the porting. Unfortunately the Winpcap guys not answered so far. As some ntop users have MP machines, with the help of Michel Montague who ported the code on MP, I have decided to release a port of WiinPcap for MP machine until the Winpcap guys will decide to support it natively on they code tree.

Installation

We have tested the installation on Win2K so bear in mind that your mileage may vary on other OSs.

  1. Get Wincap 3.x (not 2.3) either from Polito or here (local copy).
  2. Remove past Winpcap installations if any (if so you better reboot the machine before proceeding).
  3. Install Winpcap that you've just downloaded.
  4. Get the WinPcap MP patch.
  5. Install the patch
  6. At this point you should be able to run Winpcap-based applications on your PC. For instance you can try to run windump.

Please report to ntop mailing list about WinNT/XP compatibility.

Source Code

If you want to rebuild your driver with MP support you need to first patch the code, then rebuild the driver as explained on the winpcap source distribution file.

Patching your code requires you to edit the file winpcap/packetNtx/driver/Packet.c as follows: 

# diff Packet.c ~/tmp/Packet.c
62a63,64
> extern NDIS_SPIN_LOCK NamedEventsCounterLock;
> extern KSPIN_LOCK G_Start_Time_Lock;
91a94
> /*
95a99
> */
140a145,146
>     NdisAllocateSpinLock(&NamedEventsCounterLock);
>       KeInitializeSpinLock(&G_Start_Time_Lock);
574a581
>       struct time_conv    time_copy;
677c684,686
<                       if(bpf_filter_init(initprogram,&(Open->mem_ex),&(Open->tme), &G_Start_Time)!=INIT_OK)
---
>                       TIME_COPY(&time_copy, &G_Start_Time, &G_Start_Time_Lock);
>
>                       if(bpf_filter_init(initprogram,&(Open->mem_ex),&(Open->tme), &time_copy)!=INIT_OK)

If you're lazy you can use this patched Packet.c file (it's Winpcap 3.0 beta 2).

Conclusions

Many thanks to Michel Montague for making the port and to Yuri Francalacci for testing it on Win2K. We have used the new driver on several MP PCs with Win2K and we can guarantee it works. Only some of them failed to work because they have very peculiar network cards and not because of the port. We hope that the Wincap guys will soon integrate this patch into their code.

© 2003 - Luca Deri