Technical Reference

Capabilities

The Network Trace device driver is compatible with NDIS v2.0.1 and a single instance of the driver can be bound to up to 8 MAC drivers simultaneously. This allows you to take a trace from anyone of eight network adapters in a single system. You may also trace two adapters at the same time by installing multiple copies of the Network Trace program. Each new copy of the Network Capture Tool will require it's own copy of the NTRACE$ driver. To achieve this, make a copy of the driver and rename it to a new name (NTRACE1$, NTRACE2$...).

The Network Trace program may also be used in the development or problem determination of a Protocol Driver. By positioning a copy of the NTRACE$ driver both before and after the target protocol driver in the Config.sys file, you will be able to view the frames used by that protocol driver. The BindTree utility is helpful in setting up this configuration.

Depending on the network interface adapter and its driver's capabilities, the capture tool may yield a wide variety of results. The most important characteristics of network interfaces are:

The ability of the MAC driver to run in promiscuous mode.

Note:

Without promiscuous mode, the trace is limited to broadcast frames, multicast frames and frames directly addressed to this network adapter.

The MAC drivers support for multiple copies of the same frame.

Note:

All MAC drivers supporting "Receive Chain" will also support multiple copies of the same frame. For MAC drivers that support "Receive Look Ahead" multiple copies of the same frame may not be supported. In this case the trace is limited to the first 256 bytes of each frame.

System Memory Usage

When dormant the driver consumes very little memory (less than 16KB). When the Network Trace program starts, the driver allocates some system global memory for its exclusive use. This memory is allocated in 64KB segments and is permanently resident (locked) during entire trace session. The driver creates its intermediate buffers in these 64KB segments. The total number of segments allocated is controlled by the NTRACE.exe application when it starts the trace session.

The number of intermediate buffers determines the driver's trace capability. To estimate the number of buffers the driver creates for a specified number of 64Kb segments, do the following calculations:

In sliced mode, take slice size, otherwise take the maximal frame size for your network;
Round this number up to double word boundary;
Add 16 to take in account headers;
Divide 65536 by that number and take the integer part of the result.

The result of this calculation is the number of buffers per 64KB segment. The total number of intermediate buffers can be calculated by multiplying this number by the number of 64KB segments.

The intermediate buffers are organized into the empty buffer list and the loaded buffer list. At start time, the empty buffer list holds all the buffers and the loaded buffer list is empty. Each frame needs a separate intermediate buffer. The device driver operates independently from the NTRACE.exe application when receiving frames. When a frame is received the device driver copies the information into an intermediate buffer from the empty buffer list and then moves that buffer over to the loaded buffer list.

The NTRACE.exe application waits for buffers to appear in the loaded buffer list. It copies the information into its own large capture buffer and returns the intermediate buffer into the empty buffer list.

The rate of incoming frames determines the rate of consumption of empty buffers. The speed of the application determines the rate of returning empty buffers. There can be situations when incoming frames consume intermediate buffers faster than the Network Trace program is able to process them. If the driver runs out of empty buffers, it will use the oldest buffer in the loaded buffer list and indicate that a frame loss has occurred.

When the Network Trace program stops the driver releases the global memory used for internal buffers back to the system. The number of internal buffers used is displayed when the Network Trace program is stopped. This information may help determine if different parameter settings are required the next time the Capture is run.

GDT usage

GDT stands for Global Descriptors Table. GDT contains selectors to memory objects addressable at any time. This is why GDT selectors are so important for driver/application communications. GDT holds up to 8192 selectors and by nature is a global system object, so all the drivers and kernel routines have to share it.

The capture session needs a number of GDT selectors. Every 64Kb segment of global system memory allocated for use as intermediate buffers requires a GDT selector. Besides that, three GDT selectors are used to access the large trace buffer in ring 3 while the trace session is active:

selector for the pointer to the trace buffer header
selector for the current Write Pointer
selector for the current Read Pointer

Unfortunately, GDT selectors can not be acquired and released at application time. This limitation dictates a strategy to chose the maximal number of GDT selectors to reserve at system initialization time.

PROTOCOL.INI

[NTRACE]

	DriverName=NTRACE$
	Bindings="MAC Driver Name,MAC Driver Name..."
	PacketFilter=7
	MaxBufSegemnts=64
	RejectFrames=21

During the initialization process of the MAC driver, it reads the parameters in the Protocol.INI file. The above section and list of statements are required for proper operation of the Network Trace program. If you run multiple copies of the Network Trace program, you will need a [Trace] section for each one and each section must have it's own unique DriverName.

The protocol.ini file is made up of sections. Each section begins with a name in brackets [Trace] and must contain at least two statements. The Driver Name statement must match the name given to the driver's instance. The default is NTRACE$. Valid names can contain no more than 8 characters.

DriverName = driver's-instance-name

The Bindings statement contains the names of MAC drivers that the DriverName should bind to. The list may contain a maximum of 8 MAC driver names and the names should be separated by a blank space..

Bindings = MAC-name [... MAC-name]

The MaxBufSegments statement specifies the number of GDT segments to be reserved for possible use during the execution of the Network Trace program. The segments are allocated in 64Kb blocks of memory and are used as an intermediate buffer. The size of this intermediate buffer affects the Network Trace program's ability to process all incoming frames under a heavy network load. The default number is 4, and the maximum is 128.

When the Network Trace program is started, the real number of segments allocate is specified with the #Segs parameter of the Capture command. The number specified in the #Segs parameter may not exceed the number stated in MaxBufSegments statement

MaxBufSegments = number-of-segments

The PacketFilter statement overrides the packet filter value the MAC driver calculates on its own. Sometimes calculated value doesn't work as expected. Manually setting this value illuminates these problems.

The Decimal-packet-filter-value is calculated as sum of the following:

1	For accepting directly addressed frames
2	For accepting broadcast frames
4	For accepting frames promiscuously
8	For accepting source routing frames

Packet filter belongs to the MAC driver and defines how much of the network traffic is visible to the network interface adapter.

PacketFilter = decimal-packet-filter-value

The RejectFrames statement value activates a filter for the frames the Network Trace program makes available to the rest of the system. The primary use of it is compensation of interface card promiscuity introduced by the Capture driver itself.

The PacketFilter statement provides filtering of frames coming into the Network Trace program while the RejectFrames statement provides filtering for the frames exiting the Network Trace program.

The Decimal-reject-filter-value is calculated as sum of the following:

1	To deny frames with foreign destination address
2	To deny broadcast frames
4	To deny NULL-addressed frames
16	To deny frames with foreign functional address (Token Ring only)
32	To deny MAC broadcast frames (Token Ring Only)
64	To deny pure MAC frames (Token Ring only)

A destination address is considered foreign if it does not match the current MAC address or any of the multicast addresses defined by the time of the frame reception. A functional address is considered foreign if it has no common bits with the current MAC functional address.

RejectFrames = decimal-reject-filter-value

To compensate the MAC promiscuity, use reject filter of 5 for Ethernet and 21 for Token Ring. By default, there is no reject filter active.

PROTOCOL.INI example:

[PROT_MAN]

DRIVERNAME = PROTMAN$

[IBMLXCFG]

tcpip_nif = tcpip.nif
NULLNDIS_nif = nullndis.nif

[tcpip_nif]

DriverName = TCPIP$
Bindings = NULLNDIS_nif

[NTRACE]

   DriverName=NTRACE$
   Bindings=NULLNDIS_nif
   PacketFilter=7
   MaxBufSegmemts=64
   RejectFrames=21

[NULLNDIS_nif]

DriverName = NULLNDS$

CONFIG.SYS

The Protocol Manager provides access to the network frames, to each protocol driver, in the opposite order from the way they were loaded during IPL. The driver-instance-name parameter is optional. When omitted, it defaults to NTRACE$. This name represents this instance of the driver for the OS/2 system. During the device driver's INIT processing, it will look for its section of the PROTOCOL.INI file. Device driver's instance name must appear in a DriverName statement in one of the Protocol.ini sections.

It's possible to load more than one instance of the driver by copying it and giving it a different name. The new instance names must be added to the CONFIG.SYS and PROTOCOL.INI files. Only the last instance of the device driver may have a default instance name, NTRACE$.

CONFIG.SYS example:

DEVICE=C:\IBMCOM\LANMSGDD.OS2 /I:C:\IBMCOM /S
DEVICE=C:\IBMCOM\PROTMAN.OS2 /I:C:\IBMCOM
CALL=C:\IBMCOM\PROTOCOL\NETBIND.EXE
RUN=C:\IBMCOM\LANMSGEX.EXE
DEVICE=C:\MPTN\PROTOCOL\SOCKETS.SYS
DEVICE=C:\MPTN\PROTOCOL\AFOS2.SYS
DEVICE=C:\MPTN\PROTOCOL\AFINET.SYS
DEVICE=C:\MPTN\BIN\VDOSTCP.VDD
RUN=C:\MPTN\BIN\CNTRL.EXE
CALL=C:\OS2\CMD.EXE /Q /C C:\MPTN\BIN\MPTSTART.CMD >NUL
RUN=C:\MPTN\BIN\VDOSCTL.EXE
DEVICE=C:\IBMCOM\PROTOCOL\NETBEUI.OS2
DEVICE=C:\IBMCOM\PROTOCOL\NETBIOS.OS2
DEVICE=C:\TCPIP\bin\vdostcp.sys
IFS=C:\MPTN\bin\nfs300.ifs

REM *** MAC Drivers ***
DEVICE=C:\IBMCOM\MACS\IBMFE.OS2
DEVICE=C:\IBMCOM\MACS\IBMTRP.OS2

REM *** Network Trace ***
DEVICE=C:\IBMCOM\PROTOCOL\NTRACE.OS2