From owner-freebsd-hackers@FreeBSD.ORG  Mon May 24 03:02:00 2004
Return-Path: <owner-freebsd-hackers@FreeBSD.ORG>
Delivered-To: freebsd-hackers@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 5E2F816A4CE
	for <freebsd-hackers@freebsd.org>;
	Mon, 24 May 2004 03:02:00 -0700 (PDT)
Received: from oasis.uptsoft.com (oasis.uptsoft.com [217.20.165.41])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 3135343D2F
	for <freebsd-hackers@freebsd.org>;
	Mon, 24 May 2004 03:01:58 -0700 (PDT)
	(envelope-from devnull@oasis.uptsoft.com)
Received: (from devnull@localhost)
	by oasis.uptsoft.com (8.11.6/linuxconf) id i4OA1E321408
	for freebsd-hackers@freebsd.org; Mon, 24 May 2004 13:01:14 +0300
Date: Mon, 24 May 2004 13:01:14 +0300
From: Sergey Lyubka <devnull@uptsoft.com>
To: freebsd-hackers@freebsd.org
Message-ID: <20040524130114.A20460@oasis.uptsoft.com>
Mail-Followup-To: freebsd-hackers@freebsd.org
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5.1i
X-OS: FreeBSD 4.5-STABLE
Subject: 5.2.1 + snort, dropping packets
X-BeenThere: freebsd-hackers@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Technical Discussions relating to FreeBSD
	<freebsd-hackers.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-hackers>,
	<mailto:freebsd-hackers-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-hackers>
List-Post: <mailto:freebsd-hackers@freebsd.org>
List-Help: <mailto:freebsd-hackers-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-hackers>,
	<mailto:freebsd-hackers-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 24 May 2004 10:02:00 -0000

hackers,
I am running snort on 5.2.1-RELEASE, and I am getting high
dropped packets rate. traffic is quiet, about 1kpps, the box runs on xeon
processor, intel gigabit NICs (em driver), system load is low:

CPU states:  1.9% user,  5.1% nice,  1.6% system,  4.7% interrupt, 86.8% idle
Mem: 121M Active, 97M Inact, 75M Wired, 736K Cache, 60M Buf, 201M Free
Swap: 512M Total, 512M Free


I have tried:
	o both SMP and UP kernels
	o both SCHED_ULE and SCHED_4BSD options
	o libpcap libs versions 0.7 and 0.8.3
	o 5.2.1-RELEASE and -current kernels
	o DEVICE_POLLING option
	o sysctl debug.bpf_bufsize set to maximum of 524288

and still having dropped packets.
I am having a much lower spec box, running obsd 3.2, same snort configuration,
capturing the same traffic. obsd shows constant 0 dropped packets.

How would I fix that problem?