On 9/25/05, Zeljko Vrba <zvrba@globalnet.hr> wrote:
[snip]

   For what it's worth, glFlow(http://freshmeat.net/projects/glflow)
does pretty much what you want to do, except for the disk logging
part. The company I used to work for while I was writing it has been
using it to monitor ~1.2Gbps using FreeBSD and the ixgb(4) driver from
Intel, along with bpf(4) and FreeBSD's device polling for more than a
year without loss (I agree that glFlow itself could be optimized more,
though, but ENOTIME and ENOTESTBED :().
   Although the polling documentation states that it should not be
used in SMP environments, some quick measurements showed  that the
performance was better with SMP most of the time.
  The other option we studied was Luca Deri's PF_RING Linux
implementation, which is pretty much what bpf does (there was only
drawback - we couldn't open more than one listener at a time, I don't
know if that's changed in the meantime). The only advantage we had on
Linux was the IRQ balancing. However, Linux lacked polling. Bottom
line, the figures were pretty even in all tests.

--
If it's there, and you can see it, it's real.
If it's not there, and you can see it, it's virtual.
If it's there, and you can't see it, it's transparent.
If it's not there, and you can't see it, you erased it.