tcpdump mailing list archives
Fwd: Linux - Packet socket: mmapped IO
From: Srihari Vijayaraghavan <harisri () bigpond com>
Date: Mon, 17 Mar 2003 00:05:03 +1100
Sorry my first attempt had failed, hence it goes here again (sorry, I didn't know it was subscription-only mailing list) ---------- Forwarded Message ---------- Subject: Linux - Packet socket: mmapped IO Date: Sun, 16 Mar 2003 00:30:08 +1100 From: Srihari Vijayaraghavan <harisri () telstra com> To: tcpdump-workers () tcpdump org Cc: harisri () bigpond com Hello There, I have the following configuration: Linux-2.4.20 2 Xeon 2800 MHz/512 KB cache 1 GB RAM Intel EEPRO 100 Tx cards (eth0-3), Broadcom Gigabit (eth4) H/W RAID-0 of 70 GB on Compaq Smart Array controller Tcpdump 3.7.2 and Libpcap 0.7.2 (compiled from the source) (On a RH 8.0 + official updates upto date computer) We are generating 70 bytes, 30000 packets/sec on our test network, and when we try to capture the packets using tcpdump (for approx 10-15 secs) this is what happens: # /usr/local/src/tcpdump-3.7.2/tcpdump -s 0 -w test -i eth0 tcpdump: listening on eth0 511902 packets received by the filter 111 packets dropped by the kernel Our requirement is to be able to capture say 1500 Bytes packets saturating the 100 Tx network, on _all_ 5 cards simultaneously without loosing a single packet for minutes/hours (if not days/weeks/months :). I have the "Packet socket" and "Packet socket: mmapped IO" support enabled in the kernel. I understand that the "Packet socket: mmapped IO" is supposed to improve the performance dramatically. How do I find out if libpcap/tcpdump are utilising that feature? (are there any parameters to be used in the Makefile of either of them?) A gentle man on Linux Kernel Mailing List suggested me to run the tcpdump through strace, if I have to, what should I look for, for the confirmation that tcpdump is indeed using "Packet socket: mmapped IO"? And the same person suggested NAPI too, but we haven't tried that yet though, we may not want to use NAPI if it's present in the stable kernel tree. If you know of any general fine tunning parameters (for both kernel - source or sysctl, and in libpcap/tcpdump source) please let me know that too. I am all ears :) Thanks for your help. Hari harisri () bigpond com ------------------------------------------------------- - This is the TCPDUMP workers list. It is archived at http://www.tcpdump.org/lists/workers/index.html To unsubscribe use mailto:tcpdump-workers-request () tcpdump org?body=unsubscribe
Current thread:
- Fwd: Linux - Packet socket: mmapped IO Srihari Vijayaraghavan (Mar 16)
- Re: Fwd: Linux - Packet socket: mmapped IO Guy Harris (Mar 16)
- A new feature request - gzip compression while using -w option Srihari Vijayaraghavan (Mar 26)
- Re: A new feature request - gzip compression while using -w option David Young (Mar 26)
- Re: A new feature request - gzip compression while using -w option John Hawkinson (Mar 26)
- Re: A new feature request - gzip compression while using -w option David Young (Mar 26)