Re: Packet sniffing in Linux

kuznet@ms2.inr.ac.ru
Sun, 18 Apr 1999 08:59:03 +0400 (MSK DST)


Hello!

[ I apologize I have only 5 minutes to answer ]

> Not putting BPF into the kernel was a deliberate design decision.
> Unfortunately it's easy to add "features", but difficult to keep them out.

It is very easy to keep it out, just not configure it.

> [[ BPF is the "Berkley Packet Filter", a way downloading bytecode that the
> kernel executes to select packets. Sure, putting anything in the kernel is
> faster than putting it in user space. But that's not an excuse to
> put everything into the kernel. Specific reasons not to use BPF is that it
> is rarely used,

Feel free to reengineer kernel to provide process switch rate enough
to capture real rather than toy data rates.

Did you read original question at least? Do you want to say that
it is shallow? I also dislike BPF, but I see no alternatives.
Existing alternatives are only worse.

> and it doesn't make good use of hardware multicast filters.

? Cannot parse this.

Again, feel free to design better engine to solve this particular task,
which will "make good use of hardware multicast filters".

Alexey
-
To unsubscribe from this list: send the line "unsubscribe linux-net" in
the body of a message to majordomo@vger.rutgers.edu