tcpdump mailing list archives
Re: packet drops and zero copy filtering?
From: Ben Greear <greearb () candelatech com>
Date: Mon, 14 Jul 2003 00:13:53 -0700
Richard Sharpe wrote:
On Sun, 13 Jul 2003, Ben Greear wrote:
Seems you cannot use sendfile when reading from a socket, so can't capture like this. It will definately need a kernel module.Well, the first poster's question does not make any sense, but it does not seem to me that the claim that you can't use sendfile when reading from a socket makes any sense either. I thought Linux's sendfile was symmetric in that regard, unlike, say, sendfile under FreeBSD, where you cannot use sendfile to read from a socket.
From the sendfile man page on RH 9
Presently the descriptor from which data is read cannot correspond to a
socket, it must correspond to a file which supports mmap()-like opera-
tions.
So, make sense or not, it don't work.
It seems to me that the real problem is that sendfile is designed to copy to/from a socket and a file while in kernel-space to avoid the overhead of copying the data out to user-space and back again.I don't think that with packet filtering you really have a socket, although I could be wrong on that score.
Well, you could open a packet-socket and send it all to disk, ie no filtering. And could later process it as desired. However, since there is no sendfile support, then you don't gain much trying to do it this way, ie it still has to come to user space (and back to disk). In the near future, I plan to make a kernel module that will throw pkts directly to disk from the kernel...but it will most likely be proprietary and relatively expensive. Ben -- Ben Greear <greearb () candelatech com> <Ben_Greear AT excite.com> President of Candela Technologies Inc http://www.candelatech.com ScryMUD: http://scry.wanfear.com http://scry.wanfear.com/~greear - This is the TCPDUMP workers list. It is archived at http://www.tcpdump.org/lists/workers/index.html To unsubscribe use mailto:tcpdump-workers-request () tcpdump org?body=unsubscribe
Current thread:
- packet drops and zero copy filtering? Yuchung Cheng (Jul 13)
- Re: packet drops and zero copy filtering? Guy Harris (Jul 13)
- Re: packet drops and zero copy filtering? Ben Greear (Jul 13)
- Re: packet drops and zero copy filtering? Richard Sharpe (Jul 13)
- Re: packet drops and zero copy filtering? Ben Greear (Jul 14)
- Re: packet drops and zero copy filtering? Richard Sharpe (Jul 14)
- Re: packet drops and zero copy filtering? Guy Harris (Jul 14)
- Re: packet drops and zero copy filtering? Loris Degioanni (Jul 14)
- Re: packet drops and zero copy filtering? Ben Greear (Jul 13)
- Re: packet drops and zero copy filtering? Guy Harris (Jul 14)
- Re: packet drops and zero copy filtering? Guy Harris (Jul 13)