Re: advice for heavy traffic capturing

["Fulvio Risso" <fulvio.risso () polito it>]

> -----Original Message-----
> From: Darren Reed [mailto:darrenr () reed wattle id au]
> Sent: lunedì 16 agosto 2004 17.39
> To: Fulvio Risso
> Cc: Darren Reed; tcpdump workers
> Subject: Re: [tcpdump-workers] advice for heavy traffic capturing
>
>
> Hi Fulvio,
>
> > Yes, it is harder.
> > For instance, let's imagine you collected statistics based on
> the IP source
> > address (e.g. byte count). You need something like a 10MB buffer (uhmmm,
> > probably much more) to store data.
> > Now, let's imagine you want to plot a snapshot of your stats
> every minute.
> > If you have a ring buffer, you should lock the entire buffer in order to
> > copy its content and make it available to the application. You
> have to make
> > sure that no other threads are going to update data in the meanwhile,
> > otherwise your statistics are broken (they refers to different time
> > intervals).
> > With a swappable buffer, you can avoid this problem by simply
> swapping the
> > buffers.
>
> Do both buffers need to be the implemented same ?
>
> Why not keep the ring buffer for packet capture and use buffer swapping
> for statistics ?
>
> I imagine this is what you've done

Yes, correct.
However, the code was never merged in the public WinPcap.

Cheers,

        fulvio

-
This is the tcpdump-workers list.
Visit https://lists.sandelman.ca/ to unsubscribe.