[Win32] High CPU load #1278

Open
@gvanem

I'm successfully running tcpdump (or windump.exe) on my main Win-10 PC (AMD 3.9 GHz) just fine.
But installing Win-11 on a slow Intel I3 CPU, 2.3 GHz (yes it's possible), I find that tcpdump.exe runs with
a CPU load of approx. 24%. Almost makes the PC unusable.
I also use the latest Npcap 1.80 on this Win-11 PC.

The high CPU-load is AFAICS due to PacketReceivePacket() returning immediately when there are no packets to receive. No?
So adding an option --blocking to tcpdump.exe:

--- a/tcpdump.c 2025-01-12 13:22:42
+++ b/tcpdump.c 2025-01-01 15:54:41
@@ -165,6 +165,7 @@
 #endif

 static int Bflag;                      /* buffer size */
+static int blocking;                   /* '--blocking' option used */
 static int64_t Cflag;                  /* rotate dump files after this many bytes */
 static int Cflag_count;                        /* Keep track of which file number we're writing */
 static int Dflag;                      /* list available devices and exit */
@@ -646,6 +647,7 @@
 #define OPTION_LENGTHS                 138
 #define OPTION_TIME_T_SIZE             139
 #define OPTION_SKIP                    140
+#define OPTION_BLOCKING                141

 static const struct option longopts[] = {
        { "buffer-size", required_argument, NULL, 'B' },
@@ -656,6 +658,7 @@
        { "help", no_argument, NULL, 'h' },
        { "interface", required_argument, NULL, 'i' },
        { "monitor-mode", no_argument, NULL, 'I' },
+       { "blocking", no_argument, NULL, OPTION_BLOCKING },
 #ifdef HAVE_PCAP_SET_TSTAMP_TYPE
        { "time-stamp-type", required_argument, NULL, 'j' },
        { "list-time-stamp-types", no_argument, NULL, 'J' },
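Review bot: the new "blocking" entry in longopts is undocumented in this patch: nothing here adds --blocking to the usage output or the man page, and the name alone does not tell a user that the option also changes the read timeout (the option handler sets timeout = 0). Please add the help text along with the longopts entry, and state there what the option does to the timeout.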
@@ -1259,6 +1262,10 @@
                        return (NULL);
                error("%s", ebuf);
        }
+       status = pcap_setnonblock(pc, !blocking, ebuf);
+       if (status != 0)
+          error("%s", ebuf);
+
 #ifdef HAVE_PCAP_SET_TSTAMP_TYPE
        if (Jflag)
                show_tstamp_types_and_exit(pc, device);
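Review bot: the pcap_setnonblock(pc, !blocking, ebuf) call is unconditional, so every run without --blocking now explicitly requests non-blocking mode, and on every platform rather than only Win32. That changes the default path for all users instead of leaving it as it was. Suggest making the call only when the option is given, for example "if (blocking) status = pcap_setnonblock(pc, 0, ebuf);", so that the option is the only thing that alters behaviour. The error() line under the if is also indented with spaces where the surrounding code uses a tab.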
@@ -1808,6 +1815,11 @@
                        ++Iflag;
                        break;

+               case OPTION_BLOCKING:
+                       blocking = 1;
+                       timeout = 0;
+                       break;
+
 #ifdef HAVE_PCAP_SET_TSTAMP_TYPE
                case 'j':
                        jflag = pcap_tstamp_type_name_to_val(optarg);
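Review bot: case OPTION_BLOCKING changes two things at once, blocking = 1 and timeout = 0, so the measured drop in CPU load cannot be attributed to either one. Suggest testing them separately (only the timeout assignment, then only the pcap_setnonblock(pc, 0, ebuf) call) and keeping just the one that matters. If timeout = 0 stays, it needs a comment saying why a zero read timeout is wanted, since it is assigned at parse time and silently replaces whatever value timeout had.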

the CPU-load on the Win-11 PC decreases to only 0.1% on average.

Does this make sense?
I'm not sure about the relationship between a timeout = 0 and a call to pcap_setnonblock(pc, 0).

And BTW, I find no call to pcap_setnonblock() in Wireshark either.
