[Snort-devel] Re: Fwd: kyxtech: freebsd outsniffed by wintendo !!?!?
dillon at ...146...
Fri Dec 8 00:47:20 EST 2000
:(Hurm.... Wintendo outperforming unix???!?? Something's
: improper about this, and it ought to be fixed... :-)
: Comments? Other OS numbers: more recent
: FreeBSD versions? Solaris? Tru64? Optimization
: patches? Can those OO MSDN lobotomies actually
: be good things? Hurm... The Italian gauntlet has
: been thrown down.... --dr :-)
Oh yah, I remember this... this is a pretty old benchmark, by the way.
Sigh. All this demonstrates is that the person trying to write the
packets to disk doesn't know what he's doing. There's nothing wrong
with FreeBSD, per se. Looking at the data I would guess that they
are appending to a file using write()'s on a packet-by-packet basis
or with a redirect from tcpdump on a shell line, rather than spend
the 60 seconds it would take to program-in some fairly trivial user-level
buffering. The program is obviously stalling on the write and causing
the BPF filter to overflow its output buffer. Just because FreeBSD
refuses to use all available memory to buffer a single file's writes
doesn't mean it's broken, just that the benchmark is. I'm guessing
simply double-buffering the disk writing with two dd's would be
sufficient to capture all packets to disk and if someone seriously
intended to use a FreeBSD box as a packet-capture system they would
write a capture program to talk to the BPF socket directly and
implement proper buffering in that rather than trying to use tcpdump.
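
The user-level buffering described in the message above, as an added example that is not part of the original post or of any capture tool: packet records are queued in a large user-space buffer and reach the disk in a few large write() calls instead of one per packet, so the capture loop is not held up by the disk on every packet. The `capbuf_*` names, the 256 KiB buffer size and the constructed 128-byte packets are assumptions, and the block covers the write side only, not reading from BPF or a second buffer.

```c
#include <errno.h>
#include <fcntl.h>
#include <string.h>
#include <unistd.h>
#define CAPBUF_SIZE (256 * 1024) /* assumed size; tune to disk and traffic rate */
struct capbuf {
    int fd;            /* output file */
    size_t used;       /* bytes queued in buf */
    long syscalls;     /* write() calls issued so far */
    unsigned char buf[CAPBUF_SIZE];
};

/* Push everything queued to disk, retrying on EINTR and short writes. */
static int capbuf_flush(struct capbuf *cb) {
    size_t off = 0;
    while (off < cb->used) {
        ssize_t n = write(cb->fd, cb->buf + off, cb->used - off);
        cb->syscalls++;
        if (n < 0) { if (errno == EINTR) continue; return -1; }
        off += (size_t)n;
    }
    cb->used = 0;
    return 0;
}

/* Queue one packet record; the disk is touched only when the buffer is full. */
static int capbuf_put(struct capbuf *cb, const void *pkt, size_t len) {
    if (len > CAPBUF_SIZE) return -1;          /* record can never fit */
    if (len > CAPBUF_SIZE - cb->used && capbuf_flush(cb) < 0) return -1;
    memcpy(cb->buf + cb->used, pkt, len);
    cb->used += len;
    return 0;
}

/* Write npkts constructed packets of pktlen bytes; return write() calls used. */
static long capbuf_demo(const char *path, int npkts, size_t pktlen) {
    static struct capbuf cb;
    unsigned char pkt[2048];
    if (pktlen > sizeof pkt) return -1;
    memset(pkt, 0xAB, pktlen);                 /* constructed payload */
    cb.fd = open(path, O_WRONLY | O_CREAT | O_TRUNC, 0600);
    if (cb.fd < 0) return -1;
    cb.used = 0; cb.syscalls = 0;
    for (int i = 0; i < npkts; i++)
        if (capbuf_put(&cb, pkt, pktlen) < 0) { close(cb.fd); return -1; }
    int rc = capbuf_flush(&cb);
    close(cb.fd);
    return rc < 0 ? -1 : cb.syscalls;
}
int main(void) { return capbuf_demo("capture.bin", 10000, 128) < 0; }
```

With these numbers the 10000 packets go out in about five write() calls; a per-packet append would issue 10000.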