Date: Tue, 13 Aug 2002 22:00:38 -0700 (PDT) From: Nate Lawson <nate@root.org> To: Sean Hamilton <sh@planetquake.com> Cc: hackers@freebsd.org Subject: Re: IP monitoring Message-ID: <Pine.BSF.4.21.0208132157240.36612-100000@root.org> In-Reply-To: <000a01c2433c$b0e96620$f019e8d8@slugabed.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Tue, 13 Aug 2002, Sean Hamilton wrote: > Also, forgot to mention, I will need to look inside TCP streams, and know > which user owns them, and which packets pertain to which TCP stream, which > is why I was thinking a module would be more suitable. If I did this in user > space, I'd have to reconstruct the streams myself (but as I understand, that > isn't amazingly difficult.) > > sh pcap(3) does fast usermode packet capture via BPF ports/net/libnids does TCP stream reassembly Running things in the kernel does not automatically make them fast unless your CPU usage is maxed by boundary crossings. -Nate To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.21.0208132157240.36612-100000>