Can you folks please also add the very critical information
of what OS/kernel version you are referring to in these
performance tests and any OS comparisons?
The pcap implementations/interface to the kernel on both
Linux and OpenBSD seem to be a moving target. For instance,
the subsystems you attach bpf to in OpenBSD have changed from
2.8 to 2.9 to 2.9-current, and you can expect different
packet capture performance on each. I believe the
same goes for Linux 2.2/2.4. FreeBSD seems to not
have been modified much lately in that area (since arguably
they had their base pretty steady early), but the point is
that when talking about performance, some version
information is very useful since these all seem to
be moving targets... Thanks.
cheers,
--dr
On Sun, 08 Jul 2001, Subba Rao wrote:
> On 0, ashley thomas <[EMAIL PROTECTED]> wrote:
> > On Linux you won't see packet drops.
> > pcap_stat() call always returns 0.
> >
> > OpenBSD returns the correct value.
> >
> >
> >
> > On 0, ashley thomas <[EMAIL PROTECTED]> wrote:
> > > I am using OpenBSD OS and am running libpcap0.6.2
> > >
> > > When I run tcpdump as:
> > >
> > > tcpdump "port imap"
> > > and after some time kill it, it shows:
> > >
> > > 42 packets received by filter
> > > 0 packets dropped by kernel
> > >
> > > whereas when on the same network I run tcpdump (tcpdump "port imap")
> > > on a Linux 2.2.16 OS it shows
> > > 0 packets received by filter
> > >
> > > I think the BSD is showing some wrong info. It is in fact showing the total
> > > number of packets on the network rather than the ones caught using the filter.
> > >
> > > I think the pcap_stats call is returning false information. I tried getting
> > > this info using a small program.
> > >
> > > Is it a known problem? Is there a fix for it?
> > >
> >
> > This, I believe, has to do with how IP accounting is done by libpcap on
> > different OSs. I get a very high rate of packet drops on OpenBSD. On Linux, I
> > do not see that same high level of packet drops. The newer versions of libpcap
> > are supposed to do well with IP accounting. All along I thought this was the
> > function of the kernel.
> >
>
> Thanks for clarifying that. On Linux, I also tend to look at the output of
> 'ifconfig' for the 'dropped:' count in 'RX packets' and 'TX packets'.
> --
>
> Subba Rao
> [EMAIL PROTECTED]
> http://members.home.net/subba9/
>
> GPG public key ID 27FC9217
> Key fingerprint = 2B4C 498E 1860 5A2B 6570 5852 7527 882A 27FC 9217
> -
> This is the TCPDUMP workers list. It is archived at
> http://www.tcpdump.org/lists/workers/index.html
> To unsubscribe use mailto:[EMAIL PROTECTED]?body=unsubscribe
--
Dragos Ruiu <[EMAIL PROTECTED]> dursec.com ltd. / kyx.net - we're from the future
gpg/pgp key on file at wwwkeys.pgp.net or at http://dursec.com/drkey.asc
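
An added example, not part of the original thread: one way to record tcpdump's exit summary together with the OS and kernel release, so that counters from different platforms are never compared without version information. The function names, the report layout, and the choice to treat a zero or missing "received" count as unusable are assumptions of this sketch.

```python
import platform
import re

# Constructed sample: the exit summary quoted in the thread for OpenBSD.
SAMPLE_SUMMARY = """\
42 packets received by filter
0 packets dropped by kernel
"""

_COUNTERS = {
    "received": re.compile(r"^(\d+) packets? received by filter", re.M),
    "dropped": re.compile(r"^(\d+) packets? dropped by kernel", re.M),
}


def parse_summary(text):
    """Extract the counters; None means the line was absent from the output."""
    result = {}
    for name, pattern in _COUNTERS.items():
        match = pattern.search(text)
        result[name] = int(match.group(1)) if match else None
    return result


def capture_report(text, os_name=None, kernel=None):
    """Attach OS name and kernel release to the counters of one capture run."""
    host = platform.uname()
    counters = parse_summary(text)
    received, dropped = counters["received"], counters["dropped"]
    # A zero or missing "received" count cannot be told apart from a platform
    # that does not report statistics, so no drop ratio is derived from it.
    usable = bool(received)
    return {
        "os": os_name or host.system,
        "kernel": kernel or host.release,
        "received": received,
        "dropped": dropped,
        "drop_ratio": (dropped or 0) / received if usable else None,
        "counters_usable": usable,
    }


if __name__ == "__main__":
    # Tags the sample with the local host's OS and kernel release.
    print(capture_report(SAMPLE_SUMMARY))
```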