Subject: Re: packet capturing
To: Darren Reed <>
From: Jonathan Stone <jonathan@DSG.Stanford.EDU>
List: tech-kern
Date: 01/20/2004 10:44:22
In message <>, "Darren Reed" writes:

>Because NetBSD uses BPF and libpcap...

Linux *doesn't* use bpf, and the paper focuses on in-kernel mechanisms
(which is where the time goes!), not libpcap per se.  The numbers
reported as a base-case are not realistic (let alone
representative) for BSD systems used by packet-capture experimenters.

You will recall that smb's message was:

  ``I knew stock systems don't do very well; I'm astonished at how poorly
   they do at monitoring a network''

which may be true for __stock Linux systems__.

If you want to debate the meaning of `stock', so as to increase/change
NetBSD's (default or max-sysctl'able) bpf buffersize, I'd support that.

But drawing any conclusions about NetBSD packet-capture on the basis
of a poor paper discussing a completely different mechanism in Linux
is ... downright bizarre.