Re: packet drops and zero copy filtering?

["Loris Degioanni" <loris () netgroup-serv polito it>]

> On Mon, Jul 14, 2003 at 12:13:53AM -0700, Ben Greear wrote:
> > In the near future, I plan to make a kernel module that will throw pkts
> > directly to disk from the kernel...
>
> WinPcap had such a mechanism at one point, although I think it might not
> yet be working in WinPcap 3.0; if you implement such a mechanism and
> provide libpcap extensions to use it, you might want to use whatever API
> WinPcap used (I don't remember what it was, and it doesn't seem to be
> documented in the current WinPcap documentation).

The kernel dump functionality works in the first alpha versions of winpcap
3.0, but is disabled in the current version since it's not updated to the
new buffering system introduced to support SMP.
Some documentation about how kernel dump works can be found at
http://winpcap.polito.it/docs/man/html/index.html.
The API for kernel dump is documented inside the WinPcap manual and is made
of two functions: pcap_live_dump
(http://winpcap.polito.it/docs/man/html/group__wpcap__fn.html#a42) and
pcap_live_dump_ended
(http://winpcap.polito.it/docs/man/html/group__wpcap__fn.html#a43).

Loris

-
This is the TCPDUMP workers list. It is archived at
http://www.tcpdump.org/lists/workers/index.html
To unsubscribe use mailto:tcpdump-workers-request () tcpdump org?body=unsubscribe