Subject: Re: packet capturing
To: Darren Reed <darrenr@NetBSD.org>
From: Jonathan Stone <jonathan@DSG.Stanford.EDU>
Date: 01/20/2004 10:44:22
In message <firstname.lastname@example.org>"Darren Reed" writes
>Because NetBSD uses BPF and libpcap...
Linux *doesn't* use bpf, and the paper focuses on in-kernel mechanisms
(which is where the time goes!), not libpcap per se. The numbers
reported reports as a base-case are not realistic (let alone
representative) for BSD systems used by packet-capture experimenters.
You will recall that smb's message was:
`I knew stock systems don't do very well; I'm astonished at how poorly
they do at monitoring a network''
which may be true for __stock Linux systems__.
If you want to debate the meaning of `stock', so as increase change
NetBSD's default or max-sysctl'able) bpf buffersize, I'd support that.
But drawing any conclusions about NetBSD packet-capture on the basis
of a poor paper discussing a completely different mechanism in Linux
is ... downright bizarre.