Re: capture filter

[julius <mycommercials.79 () web de>]

Am 07.02.2012 20:21, schrieb Guy Harris:
> On Feb 7, 2012, at 4:19 AM, Sake Blok wrote:
>
> > Capture filters need to take as little (CPU) time as possible to be able to capture on high speed networks without having to 
> > discard packets. That's why they use the BPF engine which runs in the kernel.
> ...so that as little work can be done on the packet in the capture path if it doesn't pass the packet filter - for example, 
> so that it won't be copied up to userland or into a buffer shared between the kernel and userland if the capturing program 
> would just discard it afterwards.
Thank you for the information.
___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
            mailto:wireshark-users-request () wireshark org?subject=unsubscribe