tcpdump mailing list archives

Re: Multi process sniffing and dropped packets


From: <computational_complex-forthespam () yahoo it>
Date: Sat, 14 Jan 2006 12:01:50 +0100 (CET)

Thanks everybody for the replies!

--- Gianluca Varenni <gianluca.varenni () cacetech com> wrote:
> Uhm, what is the problem with multithreading? I think that all the
> modern OSes schedule on a per thread basis (or better, at least they
> schedule the different threads of a process on different CPUs).

I would choose threads but my "boss" prefers processes; he said the
computation parallelizing mechanism (in his cluster) doesn't work as well
with threads as it does with processes. I don't know if it is true; now
I'll implement my software with processes and then with POSIX threads, so
I'll "taste" the performance differences.

> No. The pcap_t handle is not guaranteed to be thread-safe. [...]

OK, I'm going to use one process that picks up packets and sends them
into a pipe; on the other side of the pipe there will be analyzing
processes. I forgot to mention: I work with Linux.

> Before going into a multithread approach, in any case I would analyze
> the code path processing packets, finding what are the real CPU
> intensive tasks.

The analyzing process has to look in a packet for a determined data
pattern.

> Remember that in any case having a larger buffer helps in case of
> network bursts, it doesn't help a lot if the processing application is
> too slow.

Thanks, I'll keep that in mind.



--- Michael Richardson <mcr () sandelman ottawa on ca> wrote:
> <computational_complex-forthespam () yahoo it> writes:
>     computational> - every process executes an infinite loop in which
>     computational> pcap_next() is called.  - every process executes a
>     computational> pcap_loop() call.
>
>   It's a good idea. Just fork and do work.

Which is a good idea? pcap_loop() or pcap_next()?

--- Guy Harris <guy () alum mit edu> wrote:

> So does each process execute a pcap_open_live() call?

No! I mean one process calls pcap_open_live() and then forks, so every
child process has the same pcap_t *handle value.

> In the latter case, that *might* work, but I don't know whether it's
> guaranteed to work on all platforms.

It doesn't seem to work: I get a strange memory free() error..
 

Valerio

-
This is the tcpdump-workers list.
Visit https://lists.sandelman.ca/ to unsubscribe.
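
The design described in the message above (one process that picks up packets and writes them into a pipe, with an analyzer process on the other side searching for a data pattern), as an added example that is not part of the original message or of libpcap. The function names are hypothetical and the packets are constructed strings standing in for what the feeder would get from pcap_next() or pcap_loop(), so only the feeder would ever touch the pcap_t handle.

```c
/* Added example: function names are illustrative; packets are constructed, not captured. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>
#define MAXPKT 1500  /* header + payload < PIPE_BUF, so each frame is one atomic write */

/* A pipe is a byte stream and read() may return short, so loop until n bytes arrive. */
static int read_full(int fd, void *buf, size_t n) {
    ssize_t r;
    for (char *p = buf; n > 0; p += r, n -= (size_t)r)
        if ((r = read(fd, p, n)) <= 0) return -1;   /* EOF or error */
    return 0;
}

/* Feeder side: 2-byte length prefix plus payload, sent with a single write(). */
static int send_packet(int fd, const void *data, uint16_t len) {
    unsigned char frame[2 + MAXPKT];
    if (len > MAXPKT) return -1;
    memcpy(frame, &len, 2);
    memcpy(frame + 2, data, len);
    return write(fd, frame, 2u + len) == (ssize_t)(2u + len) ? 0 : -1;
}

/* Analyzer side: count the frames that contain pat (naive byte search). */
static int analyze(int fd, const char *pat) {
    unsigned char pkt[MAXPKT]; uint16_t len; size_t m = strlen(pat); int hits = 0;
    while (read_full(fd, &len, 2) == 0 && len <= MAXPKT && read_full(fd, pkt, len) == 0)
        for (size_t i = 0; i + m <= len; i++)
            if (memcmp(pkt + i, pat, m) == 0) { hits++; break; }
    return hits;
}

/* Fork one analyzer, feed it constructed packets, return its hit count (its exit status). */
int run_pipeline(const char *pat) {
    static const char *pkts[] = { "GET /index.html", "hdr MAGIC tail", "no match", "MAGIC", "xxMAGI" };
    int fds[2], st; pid_t pid;
    if (pipe(fds) != 0 || (pid = fork()) < 0) return -1;
    if (pid == 0) { close(fds[1]); _exit(analyze(fds[0], pat)); }  /* child: analyzer */
    close(fds[0]);
    for (size_t i = 0; i < sizeof pkts / sizeof pkts[0]; i++)
        send_packet(fds[1], pkts[i], (uint16_t)strlen(pkts[i]));
    close(fds[1]);                       /* EOF tells the analyzer to finish */
    if (waitpid(pid, &st, 0) < 0 || !WIFEXITED(st)) return -1;
    return WEXITSTATUS(st);
}

int main(void) { printf("hits=%d\n", run_pipeline("MAGIC")); return 0; }
```

With several analyzers, give each its own pipe: two readers sharing one pipe can split a length header from its payload.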

