Re: tcpdump vs libpcap : CPU usage shooting high for two simultaneous captures on wireless monitor interfaces

[abhinav narain <abhinavnarain10 () gmail com>]

Hi Guy,
This is very interesting indeed !
I was using snap len as 350 bytes and the processor was bouncing off limits.
I am using BUFSIZ as the packet capture size and my processor utilization !
Is this a bug in pcap ?
I thought may be I should try 512 (4 byte boundary) and it should also give
low CPU utilization but that does not help !
Can you please explain why pcap behaves like this ?
I am guessing tcpdump also captures the whole packet even when I use -s
option,
because I get low CPU usage with any option in tcpdump !

-
Abhinav


On Sat, Apr 20, 2013 at 1:18 AM, abhinav narain
<abhinavnarain10 () gmail com>wrote:

> Status : bug fixed.
>
> -
> Abhinav
>
>
> On Sat, Apr 20, 2013 at 12:51 AM, abhinav narain <
> abhinavnarain10 () gmail com> wrote:
>
> > Hi guy,
> > I have strace of both tcpdump and mac-analyzer(my tool) from the router
> > attached.
> >
> > I cannot understand why the file descriptor number is different in
> > tcpdump and my tool
> > (3 and 4) respectively.
> >
> > Is this is of any significance ?
> > I am run both the tools on the same interface created by using iw (iw phy
> > phy0 .interface add phe0 ..)
> >
> > Any suggestions,
> > please let me know.
> >
> > -
> > Abhinav
> > On Fri, Apr 19, 2013 at 12:22 AM, abhinav narain <
> > abhinavnarain10 () gmail com> wrote:
> >
> > > Hi Guy,
> > > This is one thing I am confused about.
> > >
> > > I am right now setting the sigprocmask
> > > in the callback function :
> > > pkt_callback(...){
> > >  if (sigprocmask(SIG_BLOCK, &block_set, NULL) < 0) {
> > >     perror("sigprocmask");
> > >     exit(1);
> > >   }
> > >
> > > ....code ...
> > > if (sigprocmask(SIG_UNBLOCK, &block_set, NULL) < 0) {
> > >     perror("sigprocmask");
> > >     exit(1);
> > >   }
> > > }
> > >
> > > When I turned down all the alarms, the CPU % usage came down,
> > > as you were also asking to try out.
> > >
> > > I think there is lot of overhead in setting up the signal masks etc.
> > >
> > > Can i instead set the masks in the main() function before and after
> > > calling,
> > > pcap_loop(), which will avoid this overhead ?
> > >
> > > I am not sure, I think this will set the masks for the code that pcap
> > > runs, right ?
> > > and block all the signals, which pcap might be using for any purpose, if
> > > any.
> > >
> > > Am I right to wrap the pcap_loop() inside the sigprocmask() block,
> > > instead of using
> > > it in callback function (which I am doing now ) ?
> > > <pseudo code>
> > > sigprocmask(block) ..
> > > pcap_loop()
> > > sigprocmask(unblock) ..
> > > </pseudo code>
> > >
> > > How will the signals work then ?
> > > -
> > > Abhinav
> > >
> > >
> > >
> > > On Thu, Apr 18, 2013 at 9:06 AM, abhinav narain <
> > > abhinavnarain10 () gmail com> wrote:
> > >
> > > > On Thu, Apr 18, 2013 at 8:37 AM, abhinav narain <
> > > > abhinavnarain10 () gmail com> wrote:
> > > >
> > > > > hi Guy,
> > > > >
> > > > > What happens if you eliminate that (and any code paths that
> > > > > > eliminating that breaks)?
> > > > The biggest issue for me to understand is, why is the CPU usage going
> > > > up when
> > > > two instances of the tool run simultaneously. It doesn't have high
> > > > usage for single instance.
> > > > Please let me know, if you have any suggestions where I can make
> > > > my headway to investigate.
> > > > -
> > > > Abhinav
_______________________________________________
tcpdump-workers mailing list
tcpdump-workers () lists tcpdump org
https://lists.sandelman.ca/mailman/listinfo/tcpdump-workers