tcpdump mailing list archives

Re: Huge latency increase libpcap-1.4.0 -> libpcap-1.5.3


From: Guy Harris <guy () alum mit edu>
Date: Fri, 14 Nov 2014 13:42:10 -0800


On Nov 14, 2014, at 1:17 PM, Steve Bourland <sbourland () swri edu> wrote:

I have some programs that suffered terrible performance degradation when moving from Ubuntu 12.04 to Ubuntu 14.04.

Are those programs capturing and processing network traffic, are they sending packets and expecting to receive a 
response, or are they doing something else?

Is the performance issue one of high latency or of dropped packets when capturing?

I then reduced the problem to a program that simply returned ICMP ECHO replies when requests were received.

So that's a program sending packets and expecting to receive a response...

Under 12.04, this program works very well (with reported responses from ping of under 500 usec), however, if I point 
the libpcap.so files to the downloaded version 1.5.3 (originally tested with 1.6.2 and problem seen there as well), 
the response times jump to sometimes over 100 msec.

...and the issue you're talking about there is latency.

What timeout are you specifying with pcap_open_live() or pcap_set_timeout()?

Note that:

For programs passively capturing and processing network traffic, you probably want a long timeout (tcpdump uses 1 
second, Wireshark uses 100 ms or so), so that as many packets are delivered per wakeup as possible.

For programs sending packets and expecting a response for each packet, you probably want a *low* timeout (note that 0 
is *not* a valid timeout - it may mean "no timeout" in the sense that you won't see packets until the capture 
mechanism's buffer fills up, which could take an indefinitely long period of time) or, with newer versions of libpcap, 
you might want to use "immediate mode", instead, in which no timeout-based packet buffering is done - packets are 
delivered immediately.  pcap_set_immediate_mode() first appeared in libpcap 1.5.0.
_______________________________________________
tcpdump-workers mailing list
tcpdump-workers () lists tcpdump org
https://lists.sandelman.ca/mailman/listinfo/tcpdump-workers
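
The timeout guidance in the message above, as an added example that is not part of the original post: a Python `ctypes` sketch that reads the libpcap version at run time and picks either a long timeout, a low non-zero timeout, or immediate mode. The helper names (`parse_version`, `plan`, `open_capture`) and the 1 ms fallback value are assumptions made for illustration; the libpcap calls are the library's real API.

```python
import ctypes
import ctypes.util
import re

PASSIVE, REQUEST_RESPONSE = "passive", "request-response"

def parse_version(banner):
    """Extract (major, minor, patch) from a pcap_lib_version() banner."""
    m = re.search(r"libpcap version (\d+)\.(\d+)(?:\.(\d+))?", banner)
    if not m:
        raise ValueError("unrecognised banner: %r" % banner)
    return tuple(int(g or 0) for g in m.groups())

def plan(role, version):
    """Return (immediate_mode, timeout_ms) for a capture handle."""
    if role == PASSIVE:
        return (False, 1000)   # tcpdump's 1 s: many packets per wakeup
    if version >= (1, 5, 0):
        return (True, 1)       # pcap_set_immediate_mode() is available
    return (False, 1)          # assumed low value; never 0, which can
                               # hold packets until the buffer fills

def open_capture(device, role):
    """Create, configure and activate a handle; returns (handle, plan)."""
    path = ctypes.util.find_library("pcap")
    if path is None:
        raise OSError("libpcap not found")
    lib = ctypes.CDLL(path)
    lib.pcap_lib_version.restype = ctypes.c_char_p
    lib.pcap_create.restype = ctypes.c_void_p
    lib.pcap_create.argtypes = [ctypes.c_char_p, ctypes.c_char_p]
    version = parse_version(lib.pcap_lib_version().decode())
    immediate, timeout_ms = plan(role, version)
    errbuf = ctypes.create_string_buffer(256)      # PCAP_ERRBUF_SIZE
    raw = lib.pcap_create(device.encode(), errbuf)
    if not raw:
        raise OSError(errbuf.value.decode())
    handle = ctypes.c_void_p(raw)
    # Both settings must be applied before pcap_activate().
    lib.pcap_set_timeout(handle, timeout_ms)
    if immediate:
        lib.pcap_set_immediate_mode(handle, 1)
    rc = lib.pcap_activate(handle)
    if rc < 0:                                     # negative = error
        lib.pcap_close(handle)
        raise OSError("pcap_activate failed: %d" % rc)
    return handle, (immediate, timeout_ms)
```

`open_capture()` needs libpcap installed and capture privileges on the chosen device; `plan()` and `parse_version()` can be exercised without either.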

