Version 2.1.0
This includes significant internal changes to how sockets & winpcap are used:
- Modified raw socket capture to use async callbacks instead of polling
- Modified WinPCap capture to use built-in polling (pcap_next_ex)
- Added an optional feature to filter network traffic based on remote host IP. Note that it takes a short amount of time to detect new TCP connections, and so some of the initial set-up traffic may be lost. This feature should not be used if new connections are frequently created or the initial network data is critical to application functioning. However, it significantly reduces the amount of data lost when the network is under high stress. It has been tested successfully up to 950mbps.
- Created a 'buffer factory' to store a collection of network data between when it is made available by the network capture subsystem and when it is processed. Note that this increases memory use and can look like a memory leak if there are large spikes in network traffic.
Machina releases prior to this version should not be used due to the potential for targeted network data to be lost when there is a lot of other network traffic occurring. While socket capture does not provide a 100% reliable way of preventing this data loss, this version is much better at it and does not interfere with the process initiating the network connection, unlike other techniques such as winsock hooks.
Compiled binaries are available on nuget.