On Nov 19, 2003, at 11:31 PM, Ronnie Sahlberg wrote:
There is a patch for linux that makes libpcap faster by reducing the
number
of copies of the packet that is necessary.
I cant find it right now but some googling should find it.
You're probably thinking of
http://public.lanl.gov/cpw/
which uses the "turbopacket" memory-mapped-capture-socket feature in
2.4 and available as a patch to 2.2. I'm not sure that reduces the
number of copies - I think it just replaces a single copy from an
skbuff to userland with a copy from an skbuff to a memory-mapped
buffer, but the latter copy is kernel-to-kernel and it might be faster
as a result.
When you run tethereal or tcpdump to capture the data use nice to
elevate
its priority.
Better, if using Linux, make tethereal/tcpdump a realtime process
and give
it the highest possible priority.
Or if using FreeBSD (and possibly other BSDs) - Richard Sharpe's
pointed that out on a number of occasions. There's no turbopacket
equivalent for the BSDs - Mike Stolarchuk has talked about doing one,
at least for OpenBSD (it might also work with NetBSD, as that also uses
UVM on a number of platforms):
http://www.usenix.org/events/lisa2001/tech/stolarchuk/index.htm
but I don't know what the current state of any of that work is, nor do
I know how much effort it'd take to make it work on BSDs lacking UVM
(such as FreeBSD and Darwin).