|
Hi all, I have a simple capture application using libpcap and
pf_ring. When I run the application with a specific bpf filter (say ‘ip
and host <ip address>’) pcap_loop will wait until it sees a packet
for the host in the filter and then it will pass any packet in the buffer to my
callback. Consider 50k pps for all traffic sent to the capture
interface. Consider no more than 100 pps that match the bpf filter. Now
pcap_loop hands me x number of packets that match the bpf filter but those
packets do not specifically match the bpf filter, they are random packets
received on the interface. So the bpf filter is working enough to trigger
return packets through pcap_loop, but those packets don’t specifically
match the bpf filter. Only when bpf filter matching packets are seen on
the interface, pcap_loop returns packets, but those returned don’t always
match the bpf filter. I stated this twice to avoid confusion. According to pcap_stats I am capturing all traffic with no
drops. I am running kernel 2.6.12 with pf_ring 3.0 and an e1000
fiber NIC with NAPI. The libpcap version I am using is the same version
with patch files in the current PF_RING cvs tree. Libpcap-0.9.4 I have spent days evaluating whether or not my application
code was the problem to find out the issue appears to be pf_ring, libpcap, and
the bpf filter specifically. In addition I have re-compiled the kernel, libpcap, pf_ring,
and my application with each re-compile many times. Also, my application
uses pthread and 4 threads, one of which is my capturing thread. I have
pulled the capture code (pcap_loop, etc) out of the thread and ran it in my
main() to determine whether or not the issue was related to threads and I get the
same results. The system is SMP, FC4. I am just about at my wits end. I figured I’d
post to the list and see if anyone had any ideas. Thank you, Nathan Kiel |
_______________________________________________ Ntop-dev mailing list [email protected] http://listgateway.unipi.it/mailman/listinfo/ntop-dev
