Comments (7)
The first thing to verify is that you are constructing well-formed packets. Try running WireShark to sniff your injected packets and check for errors.
from windivert.
I'm 100% sure the packets are well formed as I've tested with a simple client, the client would read the original response perfectly fine, then the second cached response (a clone of the original) again, perfectly fine.
I looked in wireshark for anything abormal, but it seems all fine to me. The only thing that really changes is the destination port and ID (which are meant to change).
Is there anything else I should look for?
from windivert.
Which function[s] is that class spending the most time in when sending packets?
I had a similar problem and resolved it by reducing the number of variables I created for each send packet call & instead modifying the existing pData packet directly.
from windivert.
WinDivertSend is the function that's causing me problems. Calling it in my program is almost 10 times as expensive as my entire listening and caching code.
This was actually my second attempt, at first I had tried reversing the incoming packet so that it would send back out with a modified payload, but that had performance issues upon calling WinDivertSend too, so I had tried what I had mentioned originally.
It's not really necessarily that bad of performance if WinDivert can send 700/pps, however since as I could send plenty more with sendto and other winsock functions, I doubt this is expected behavior.
from windivert.
You say that "using WinDivertSend to reinject original UDP packets isn't slow". This is strange since WinDivertSend does not distinguish between modified, unmodified, or new packets -- i.e. they are all treated the same internally.
You can also try using WinDivertSendEx where the "overlapped" parameter is non-NULL. The default WinDivertSend waits to see if the injection was successful, and if not, returns an error code. The WinDivertSendEx function sends the packet and returns immediately, i.e. does not wait for the result, so can be faster. Maybe this is worth trying.
There may be more subtle problems. For example, using WinDivert may reorder packets. This should not matter to a well-written UDP application, but not everything is well-written.
Otherwise I cannot think of an obvious cause for the problem.
from windivert.
I did some more tests using asynchronous IO and it still has the same problems, they're just less visible. The function does return instantly as expected, however wireshark reports that I send a single packet for every 10 or so that I receive.
I'm not sure if this is my problem or not. However, I've rewrote my application using a multi-threaded model and this is handling 70k/pps using 30% of the CPU (not too shabby!!), this will work perfectly for my needs.
I apologize if this issue was too subjective. However without multithreading, my server handled 3k out of 70k, so I presume there's still an issue somewhere?
from windivert.
70k/pps is probably quite a lot for WinDivert, so certainly multi-threading helps.
General performance tips:
- Use multi-threading
- Use WinDivertSendEx() and don't wait for the result. Most programs don't care if send fails because there is nothing that can be done about it anyway.
- Pass WINDIVERT_FLAG_NO_CHECKSUM to WinDivertOpen() if you plan to recalculate the checksums anyway.
- Max out WINDIVERT_PARAM_QUEUE_LEN and WINDIVERT_PARAM_QUEUE_TIME with WinDivertSetParam(), otherwise WinDivert may start dropping packets if the user-mode program is too slow.
As for your specific problem, the exact cause remains unclear. But since it appears solved I guess we can close the issue.
from windivert.
Related Issues (20)
- windivert produce two close event for every udp socket close operation on windows 11 ,but work as intended on windows 10 . HOT 2
- DNS-Malformed Packet HOT 2
- I don't know how to identify icmp packets and associated process id , is there any reference for it ? HOT 2
- WinDivert captures only about 50 UDP packets every few seconds
- Infinite loop: Correct use of batched WinDivertHelperParsePacket with ppNext and pNextLen HOT 2
- WinDivertRecvEx() gets stuck if packets are dropped
- Appropriate way to use passthru example? HOT 2
- Why does moving of addr_len initialization outside of the infinite loop causes WinDivertRecvEx to only ever ready 1 packet? HOT 1
- Open with filter "remoteAddr=12345" , not get any error HOT 1
- Monitoring Packets from a specific NIC HOT 1
- Can Windivert be used to read/write WiFi Direct packets ? HOT 1
- FORWARD layer without any modifications will also affect internet access HOT 6
- TCPChecksum and UDPChecksum are exchanged
- How to capture ARP packets using WinDivert
- Outbound multicast packets are received twice in WinDivert if the sender joins the multicast group
- awfcore.sys (Agnitum Firewall) DPC_WATCHDOG_VIOLATION with WinDivert 2.2.0-D HOT 3
- Inbound packet IPv4_HDR.Protocol empty and addr.TCPChecksum==0 addr.UDPChecksum==0 HOT 2
- Feature: auto-start Base Filtering Engine if it's not running
- Possible kernel memory corruption when used with NVIDIA Broadcast HOT 2
- Can WinDivert modify client IP addresses for a Windows TCP server?
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from windivert.