On Thu, Apr 18, 2002 at 02:03:05PM -0700, Brent Draney wrote:
> Has anyone played with bypassing the buffer cache when
> writing large dump files? If seems that savefiles.c
> could be easily mod'ed to replace the fopen with an open
> and fdopen to be able to set `O_DIRECT'.
Well, if you do that, you'd be doing one "write()" per packet unless you
did your own buffering. Buffering could involve copying unless you
either
1) managed to read the packets *into* a contiguous buffer (but
that helps only with BPF-style packet headers on a machine
with a 64-bit "struct timeval", otherwise you have to
reformat the captured data anyway
or
2) used "writev()".
(Note also that, at some point, I plan to check in the WinPcap
developers' changes to libpcap; I guess you could use "_open()" on
Windows, but if you're going for full speed on Windows, you'd want
"CreateFile()" and "WriteFile()".)
If you plan to run full speed captures, you might want a customized data
path *anyway*.
-
This is the TCPDUMP workers list. It is archived at
http://www.tcpdump.org/lists/workers/index.html
To unsubscribe use mailto:[EMAIL PROTECTED]?body=unsubscribe
