Re: libpcap MMAP, Shared Memory version?

[Guy Harris <guy () alum mit edu>]

On Dec 16, 2011, at 1:51 PM, Jon Schipp wrote:

> Do the recent tcpdump releases use the shared memory functionality of
> the newer libpcap libraries?
> Basically, if I download the latest tcpdump and the latest libpcap and
> compile them on FreeBSD and on Linux, and then run the binary, will I
> get the speed advantages of mmap()?

There are no APIs in libpcap that are required in order to use the memory-mapped capture mechanisms, so neither tcpdump 
nor any other program that captures traffic needs to be changed in order to use that functionality, so *all* tcpdump 
releases, if either

        1) compiled and then linked with a static-library version of libpcap that uses the memory-mapped capture 
mechanism

or

        2) compiled and linked with a shared-library version of libpcap and then run on a system with a shared-library 
version of libpcap that uses the memory-mapped capture mechaism, *regardless* of whether the shared-library version 
with which it's linked supports the memory-mapped capture mechanism

will use it.

> Or are there other things that I have to do, tcpdump/libpcap or maybe
> OS related?

Well, one think you need to do is to have an OS version where the kernel supports the memory-mapped capture mechanism.

For FreeBSD, that means FreeBSD 8.0 or later.  You will also have to enable the memory-mapped capture mechanism, as 
it's disabled by default; use the sysctl command to set net.bpf.zerocopy_enable to 1.  If you have FreeBSD 8.0 or 
later, the version of libpcap that comes with the system supports the memory-mapped capture mechanism; you would not 
have to recompile libpcap or tcpdump in order to use it - you would only need to set the net.bpf.zerocopy_enable sysctl 
variable to 1.

For Linux, any 2.6 kernel and, I think, any 2.4 kernel should have that.-
This is the tcpdump-workers list.
Visit https://cod.sandelman.ca/ to unsubscribe.