Re: Packet drop counts via pcap_stats()

[Jim Lloyd <jlloyd () silvertailsystems com>]

On Sat, Feb 27, 2010 at 5:35 PM, Dustin Spicuzza <dustin () virtualroadside com
> wrote:

> Jim Lloyd wrote:
> > Over the last couple months we have developed and deployed into a
> production
> > environment an application using libpcap, where we sniff upwards of
> 350Mbps
> > of HTTP traffic arriving via a SPAN. On the whole I am extremely pleased
> > with libpcap in terms of both the ease of implementation and the
> > efficiency/throughput/quality of the packet capture. We are clearly not
> > getting all packets, but there is fairly strong evidence this is mostly
> due
> > to being too aggressive with the SPAN.
> >
> > However, one concern I have with libpcap is that it seems that
> pcap_stats()
> > has never reported a dropped packet. Is this a known problem? We are
> using
> > libpcap-1.0.0 on CentOS 5.4, which uses the Linux kernel 2.6.18-164.el5,
> > on x86_64.
> >
> > I have also run our application with valgrind, and when I do the volume
> of
> > packets processed drops significantly for the same traffic. It is not
> > surprising to me that we are forced to handle lower throughput under
> > valgrind, but it is bothersome that I don't seem to have any way for pcap
> to
> > tell me that it can't keep up.
> >
> > Is this expected behavior, or is there something I am overlooking?
>
> There are at least two things that measure losses on linux, one on the
> socket buffer and one on the interface itself. pcap_stats() only
> reported losses on the socket buffer. This problem was fixed in HEAD a
> few months ago.
>
> Not sure why a 1.1.1 release hasn't been done a lot earlier than this,
> but libpcap HEAD fixes a lot of bugs.
>
> Dustin
>
> I've updated my application to use sources from your git repository HEAD
and I'm now seeing dropped packet counts. Thanks!

I'd like to request that you guys cut another release sometime soon.
According to http://www.tcpdump.org/#latest the latest release of libpcap is
1.0.0 from October 27, 2008.

Thanks,
Jim Lloyd
Silver Tail Systems
-
This is the tcpdump-workers list.
Visit https://cod.sandelman.ca/ to unsubscribe.