On Mon, 24 Dec 2007, Robert Watson wrote:
I've put up an updated tarball based on some recent changes here:
http://www.watson.org/~robert/freebsd/20071226-zcopybpf.tgz
Unfortunately, there was a problem with a change I made to the kernel check
for a userspace notification that a buffer was
On Wed, 5 Dec 2007, Vlad GALU wrote:
I've had several reports of significantly improved packet capture rates at
high speeds with it, but it's not yet in the tree because we feel it needs
more evaluation and review. I hope to ship some form of zero-copy BPF
buffer support in FreeBSD 8, and pos
On Sat, 8 Dec 2007, Peter Wood wrote:
I'd prefer to use sampling rather then just accepting kernel droped packets
to ensure fair selection over a time period, rather then only collecting the
start of that period and then nothing else.
I'd be willing to look into implementing that perhaps in
Thats why you combine if_bridge with monitor mode, any incoming packets
are discarded after bpf processing so they are never sent to opposing
devices.
Aha, using monitor mode hadn't occured to me, based on previous
discussion I was going to do more research on Monday, but thanks Andrew
you've
On Sat, Dec 08, 2007 at 10:35:11AM +, Peter Wood wrote:
> Morning,
>
> >>> Looking thru the archives, it seems ng_one2many (in this case
> >>> 'many2one') is what I am looking for. Am I barking the right tree
> here?
>
> Strangely enough this is the exact situation I was looking into on Frida
Morning,
>>> Looking thru the archives, it seems ng_one2many (in this case
>>> 'many2one') is what I am looking for. Am I barking the right tree
here?
Strangely enough this is the exact situation I was looking into on
Friday for two mirror ports from our border routers via aggregation
switc
On 12/5/07, Robert Watson <[EMAIL PROTECTED]> wrote:
>
> On Wed, 5 Dec 2007, Robert Watson wrote:
>
> > On Wed, 5 Dec 2007, Vlad GALU wrote:
> >
> >> I would like to try the aforementioned patches too. Can you please point me
> >> to a link?
> >
> > You can download our experimental tarball from he
On Wed, 5 Dec 2007, Robert Watson wrote:
On Wed, 5 Dec 2007, Vlad GALU wrote:
I would like to try the aforementioned patches too. Can you please point me
to a link?
You can download our experimental tarball from here:
http://www.watson.org/~robert/freebsd/20071103-zcopybpf.tgz
You can fin
On Wed, 5 Dec 2007, Vlad GALU wrote:
Depending on the configuration of the system (number of interfaces, number
of CPUs, etc), you may find that running many tcpdump sessions results on
greater throughput due to making better use of parallelism. For example,
if you have eight cores and four
On 12/5/07, Robert Watson <[EMAIL PROTECTED]> wrote:
>
> On Tue, 4 Dec 2007, Peter Losher wrote:
>
> > I am currently working on a tcpdump collector where we have multiple feeds
> > coming in (via bge{0-8}). Since tcpdump can only poll one interface per
> > process, I was hoping to aggregate the t
On Tue, 4 Dec 2007, Peter Losher wrote:
I am currently working on a tcpdump collector where we have multiple feeds
coming in (via bge{0-8}). Since tcpdump can only poll one interface per
process, I was hoping to aggregate the traffic onto one pseudo-interface for
tcpdump to hold onto and to
On Tue, Dec 04, 2007 at 04:25:01PM -0800, Peter Losher wrote:
> I am currently working on a tcpdump collector where we have multiple
> feeds coming in (via bge{0-8}). Since tcpdump can only poll one
> interface per process, I was hoping to aggregate the traffic onto one
> pseudo-interface for tcpd
I am currently working on a tcpdump collector where we have multiple
feeds coming in (via bge{0-8}). Since tcpdump can only poll one
interface per process, I was hoping to aggregate the traffic onto one
pseudo-interface for tcpdump to hold onto and to poll.
Looking thru the archives, it seems ng_
13 matches
Mail list logo
