Subject: Re: non-standard way to capture network traffic
To: None <tech-kern@netbsd.org>
From: Vlad GALU <vladgalu@gmail.com>
List: tech-kern
Date: 09/24/2005 15:12:46
On 9/24/05, Tonnerre <tonnerre@thundrix.ch> wrote:
> Salut,
>
> On Sat, Sep 24, 2005 at 10:01:45AM +0200, Zeljko Vrba wrote:
> > To explain in details:
> >
> > 1. I expect to receive incoming almost full 1Gbit of traffic on bge1. I
> > will not be doing any outgoing traffic.
> >
> > 2. I don't need any network stack processing. After the ethernet frame
> > is received, I want to record the following data only:
> >   - arrival time, as precise as possible (read local APIC?)
> >   - full TCP/UDP/IP header (I can parse eth frame myself, if necessary)
> >   - the data load I will discard
> >
> > 3. The collected data needs to be written to disk. As few as possible
> > frames should be lost.
>
> This can probably be done easiest by using pf and pflogd. Just drop and
> log all packets on the interface, and disable outgoing just for not having
> to bother with it. If the processor is fast enough...
>

  That's overkill. Why not simply use bpf? It's fast enough for most
needs, be they hardcore or not.

>                                     Tonnerre
>
>
>


--
If it's there, and you can see it, it's real.
If it's not there, and you can see it, it's virtual.
If it's there, and you can't see it, it's transparent.
If it's not there, and you can't see it, you erased it.
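
The header-only recording asked for in the quoted requirements, as an added example that is not part of the original thread: a C routine that takes a raw Ethernet frame, as a capture interface would deliver it, and computes how many leading bytes hold the Ethernet, IPv4 and TCP/UDP headers, so the payload can be dropped before writing to disk. The function name and both sample frames are constructed for illustration; VLAN tags and IPv6 are assumed absent.

```c
#include <stdint.h>
#include <stdio.h>

#define ETH_HLEN 14

/* Constructed sample frames (not captured traffic). */
static const uint8_t sample_tcp[58] = {
    2,0,0,0,0,2, 2,0,0,0,0,1, 0x08,0x00,                     /* Ethernet, IPv4 */
    0x45,0,0,44, 0,0,0x40,0, 64,6,0,0, 10,0,0,1, 10,0,0,2,   /* IPv4, IHL=5, TCP */
    0x04,0xd2,0,80, 0,0,0,1, 0,0,0,0, 0x50,0x18,0xff,0xff, 0,0,0,0, /* TCP hdr */
    'd','a','t','a' };                                       /* payload */
static const uint8_t sample_udp[44] = {
    2,0,0,0,0,2, 2,0,0,0,0,1, 0x08,0x00,                     /* Ethernet, IPv4 */
    0x45,0,0,30, 0,0,0,0, 64,17,0,0, 10,0,0,1, 10,0,0,2,     /* IPv4, UDP */
    0x04,0xd2,0,53, 0,10,0,0, 'h','i' };                     /* UDP hdr + payload */

/* Bytes to keep so that the link, IPv4 and TCP/UDP headers are preserved and
 * the payload is dropped. Returns 0 for non-IPv4 or truncated frames. */
size_t header_len(const uint8_t *f, size_t len)
{
    if (len < ETH_HLEN + 20 || f[12] != 0x08 || f[13] != 0x00)
        return 0;
    const uint8_t *ip = f + ETH_HLEN;
    size_t ihl = (size_t)(ip[0] & 0x0f) * 4;      /* IHL is in 32-bit words */
    if ((ip[0] >> 4) != 4 || ihl < 20 || len < ETH_HLEN + ihl)
        return 0;
    size_t off = ETH_HLEN + ihl;
    if ((((ip[6] & 0x1f) << 8) | ip[7]) != 0)     /* later fragment: no L4 header */
        return off;
    if (ip[9] == 17)                              /* UDP: fixed 8-byte header */
        return len >= off + 8 ? off + 8 : 0;
    if (ip[9] == 6) {                             /* TCP: data offset in words */
        if (len < off + 20)
            return 0;
        size_t thl = (size_t)(f[off + 12] >> 4) * 4;
        return (thl >= 20 && len >= off + thl) ? off + thl : 0;
    }
    return off;                                   /* other protocols: IP header only */
}

int main(void)
{
    printf("tcp keep=%zu udp keep=%zu\n",
           header_len(sample_tcp, sizeof sample_tcp),
           header_len(sample_udp, sizeof sample_udp));
    return 0;
}
```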