tcpdump mailing list archives

Previous By Date Next
Previous By Thread Next

Re: advice for heavy traffic capturing

From: Darren Reed <darrenr () reed wattle id au>
Date: Tue, 17 Aug 2004 01:38:51 +1000 (EST)
Hi Fulvio,


Yes, it is harder.
For instance, let's imagine you collected statistics based on the IP source
address (e.g. byte count). You need something like a 10MB buffer (uhmmm,
probably much more) to store data.
Now, let's imagine you want to plot a snapshot of your stats every minute.
If you have a ring buffer, you should lock the entire buffer in order to
copy its content and make it available to the application. You have to make
sure that no other threads are going to update data in the meanwhile,
otherwise your statistics are broken (they refers to different time
intervals).
With a swappable buffer, you can avoid this problem by simply swapping the
buffers.


Do both buffers need to be the implemented same ?

Why not keep the ring buffer for packet capture and use buffer swapping
for statistics ?

I imagine this is what you've done
Or even have them as separate (but linked) devices ?

Darren
-
This is the tcpdump-workers list.
Visit https://lists.sandelman.ca/ to unsubscribe.
Previous By Date Next
Previous By Thread Next

Current thread: