From owner-freebsd-security Wed Sep 26 6:34:50 2001 Delivered-To: freebsd-security@freebsd.org Received: from sv07e.atm-tzs.kmjeuro.com (sv07e.atm-tzs.kmjeuro.com [193.81.94.207]) by hub.freebsd.org (Postfix) with ESMTP id 7FEEE37B428 for ; Wed, 26 Sep 2001 06:34:45 -0700 (PDT) Received: (from root@localhost) by sv07e.atm-tzs.kmjeuro.com (8.11.5/8.11.4) id f8QDYgZ57477 for freebsd-security@freebsd.org; Wed, 26 Sep 2001 15:34:42 +0200 (CEST) (envelope-from k.joch@kmjeuro.com) Received: from kmjeuro.com (adsl.sbg.kmjeuro.com [193.154.189.16]) (authenticated) by sv07e.atm-tzs.kmjeuro.com (8.11.5/8.11.4) with ESMTP id f8QDYUv57209; Wed, 26 Sep 2001 15:34:31 +0200 (CEST) (envelope-from k.joch@kmjeuro.com) Message-ID: <3BB1D965.6090203@kmjeuro.com> Date: Wed, 26 Sep 2001 15:34:29 +0200 From: "Karl M. Joch" User-Agent: Mozilla/5.0 (X11; U; FreeBSD i386; en-US; rv:0.9.3) Gecko/20010812 X-Accept-Language: en-us MIME-Version: 1.0 To: Laurent Fabre Cc: freebsd-security@freebsd.org Subject: Re: LaBrea for BSD? References: <20010924162750.24311@shalmaneser.thelbane.com> <200109241645.SAA02368@malraux.matranet.com> <200109251018.MAA08113@malraux.matranet.com> <200109251339.PAA22725@malraux.matranet.com> <200109251455.QAA28275@malraux.matranet.com> Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit X--virus-scanner: scanned for Virus and dangerous attachments on sv07e.atm-tzs.kmjeuro.com (System Setup/Maintainance: http://www.ctseuro.com/) Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Laurent Fabre wrote: > Actually it's a libpcap issue i think. > As soon as the traffic gets high you start loosing frame > and the processing takes huge time to complete. > > So there's a performance issue only in the capture phase > and not on the reply react phase. > > > Problem is i don't see anything else than libpcap to capture packets.... > dont really think so. if starting with -x (not capturing packages) all the activities are logged. look like the box sees all packages. but when removing -x switch it doesnt work as it should. still trying to figure it out, because in the server room are only freebsd boxes. dont want to have a non freebsd box there if possible. Karl To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message