From owner-freebsd-hackers Fri May 19 8:12:18 2000
Date: Fri, 19 May 2000 10:11:53 -0500
From: Dan Nelson
To: Dmitry Samersoff
Cc: Travis Cole, freebsd-hackers@FreeBSD.ORG, freebsd-net@FreeBSD.ORG
Subject: Re: bpf question
Message-ID: <20000519101153.C18334@dan.emsphone.com>
References: <20000517231043.A13544@wcug.wwu.edu>
In-Reply-To: ; from "Dmitry Samersoff" on Fri May 19 17:57:24 GMT 2000
X-OS: FreeBSD 5.0-CURRENT

In the last episode (May 19), Dmitry Samersoff said:
> On 18-May-2000 Travis Cole wrote:
> > On Wed, May 17, 2000 at 05:51:59PM +0400, Dmitry Samersoff wrote:
> >> I have a traffic metering program using bpf, it works fine on a
> >> relatively free net but loses about 30% of packets on a heavily loaded
> >> one.
> >
> > Are you doing DNS lookups? Don't do those and you may fix your problem.
>
> Thanks for all. I tried all the usual solutions (change CPU, bring packet
> parsing out of reading thread and so on.) and now

Define "heavily loaded". If you just run "tcpdump -n" for a couple of
minutes and hit ^C, does it report any dropped packets? If it does,
then your machine probably isn't fast enough to handle the network
load.

If I flood my 100mbit network with small packets, and monitor it on a
P6/200 with "tcpdump -n", I drop from 1-10% of the packets. If I use
"tcpdump -n -w logfile.txt", I drop no packets.

-- 
Dan Nelson
dnelson@emsphone.com
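
The comparison described in the message above (drops under "tcpdump -n" versus "tcpdump -n -w") can be scripted as follows. This is an added example, not part of the original message; the function names, the interface argument and the 120-second default are assumptions.

```shell
#!/bin/sh
# Added example: measure the kernel drop rate with tcpdump decoding packets
# to the terminal, then again with tcpdump only writing raw packets to a file.
# Usage (as root): sh bpfdrops.sh IFACE [SECONDS]   (script name is hypothetical)

# drop_pct: read tcpdump's exit summary on stdin and print the packets
# dropped by the kernel as a percentage of packets received by the filter.
# Exits non-zero if the summary lines are missing.
drop_pct() {
    awk '
        /packets received by filter/ { recv = $1 }
        /packets dropped by kernel/  { drop = $1 }
        END {
            if (recv == "" || drop == "") exit 1
            if (recv == 0) { print "0.0"; exit 0 }
            printf "%.1f\n", 100 * drop / recv
        }'
}

# run_capture IFACE SECONDS SUMMARY_FILE [extra tcpdump args...]
# Runs tcpdump for SECONDS, then stops it with SIGTERM, which makes tcpdump
# print the same summary to stderr as ^C does. Decoded packets still go to
# stdout, so the terminal output cost is part of the measurement.
run_capture() {
    iface=$1; secs=$2; out=$3; shift 3
    tcpdump -n -i "$iface" "$@" 2>"$out" &
    pid=$!
    sleep "$secs"
    kill -TERM "$pid"
    wait "$pid" || true
}

# Only capture when an interface is given, so the functions can be sourced.
if [ "$#" -ge 1 ]; then
    iface=$1; secs=${2:-120}
    tmp=$(mktemp) || exit 1
    trap 'rm -f "$tmp" "$tmp.pcap"' EXIT

    run_capture "$iface" "$secs" "$tmp"
    echo "decode to terminal: $(drop_pct <"$tmp")% dropped"

    run_capture "$iface" "$secs" "$tmp" -w "$tmp.pcap"
    echo "write to file:      $(drop_pct <"$tmp")% dropped"
fi
```

If the first figure is non-zero and the second is zero, the loss comes from per-packet decoding and output rather than from the capture path itself.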