PF_ring and friends: Options for making Linux suck less when capturing packets
Stephen Hemminger
shemminger at vyatta.com
Wed Oct 19 12:52:44 EDT 2011
On Wed, 19 Oct 2011 18:44:08 +0200
Dave Taht <dave.taht at gmail.com> wrote:
> Currently I can do tcpdump -i eth1 -s 200 -w /some/usb/stick.cap at about
> 1.2 - 2MB/sec before saturating cpu on the wndr3700v2. (MB = megabyte)
>
> I can r/w a usb stick at about 8/7 MB/sec. I haven't tried a 'real' hard
> disk.
>
> About 50Mbit/sec I figure covers the 95 percentile of most home users to
> their ISP. 100Mbit would be better. Being drop-free would be really helpful
> on shorter tests....
>
> I was also thinking about an in-kernel module that uses 'splice' to send the
> data to a file... as well as the current jit work for bpf, using netfilter,
> and various other alternatives.
>
> Or writing something in an iptables or tc filter to track things more sanely
> than web100 does....
>
> Ideas?
USB sticks are real slow. Even some infinitely fast capture isn't going
to get around that. Get a real SSD and put it in an enclosure that supports
USB 3.0?