In message <20040120054820.7174.qmail@mail.netbsd.org>"Darren Reed" writes

>Because NetBSD uses BPF and libpcap...

Linux *doesn't* use bpf, and the paper focuses on in-kernel mechanisms
(which is where the time goes!), not libpcap per se.  The numbers
reported reports as a base-case are not realistic (let alone
representative) for BSD systems used by packet-capture experimenters.

You will recall that smb's message was:

  `I knew stock systems don't do very well; I'm astonished at how poorly
   they do at monitoring a network''

which may be true for __stock Linux systems__.

If you want to debate the meaning of `stock', so as increase change
NetBSD's default or max-sysctl'able) bpf buffersize, I'd support that.

But drawing any conclusions about NetBSD packet-capture on the basis
of a poor paper discussing a completely different mechanism in Linux
is ... downright bizarre.

[...]