藥單

Tuning FreeBSD

Packet capturing utilizes the BPF device, in general in combination with the libpcap. This device executes a filter on each packet and store the packet afterwards in a double-buffer (see [Sch04de-sep, Sch05en-da] for details). The size of this double-buffer can be adjusted via a sysctl. Setting it to 2×10 Mbytes has proven to be a good choice.

Since FreeBSD 6 you can do this by setting:

sysctl -w net.bpf.bufsize=10485760
sysctl -w net.bpf.maxbufsize=10485760

For older FreeBSD's just use:

sysctl -w debug.bpf_bufsize=10485760
sysctl -w debug.maxbpf_bufsize=10485760

Tuning Linux

Like in FreeBSD Linux offer some possibilities to tune it capturing performance as well. Due to the different capturing stack witch does not have a buffer but a queue of pointers behind the filter, one has to increase the receive buffer for all incomming packets and the queue length. This can be done via the /proc filesystem (with Linux we found that 32 Mbytes is a good amount of memory):

ben88168 發表在 痞客邦 PIXNET 留言(0) 人氣()