On Sat, 27 Feb 2016, Joerg Sonnenberger wrote:
Date: Sat, 27 Feb 2016 20:38:37 +0100
From: Joerg Sonnenberger <[email protected]>
To: [email protected]
Subject: Re: high cpu load with tcpdump
On Sat, Feb 27, 2016 at 08:18:41PM +0100, [email protected]
wrote:
5015 1 tcpdump 1456559035.621583576 CALL read(3,0x7f7ff7b16000,0x80000)
FD 3 is a BPF instance?
Joerg
I don't know what FD 3 is used for, perhaps it could be a BPF descriptor.
modstat | grep bpf
bpf driver builtin 7 0 - -
if_athn_usb driver builtin 0 0 - bpf
if_axe driver builtin 0 0 - bpf
if_axen driver builtin 0 0 - bpf
if_rum driver builtin 0 0 - bpf
if_run driver builtin 0 0 - bpf
if_urtw driver builtin 0 0 - bpf
if_urtwn driver builtin 0 0 - bpf
But I think this is the default of all kernels based at the GENERIC
configuration. The system has some ipfilter rules but no npf
configuration. Stopping ipfilter has no impact to the tcpdump problem.
Regards
Uwe
