[Snort-devel] Re: [tcpdump-workers] Fwd: kyxtech: freebsd outsniffed by wintendo !!?!?

Guy Harris gharris at ...148...
Fri Dec 8 02:33:56 EST 2000

On Thu, Dec 07, 2000 at 09:06:04PM -0800, Dragos Ruiu wrote:
> (Hurm.... Wintendo outperforming unix???!??  Something's
>  improper about this, and it ought to be fixed...  :-) 
>  Comments?  Other OS numbers: more recent 
>  FreeBSD versions? Solaris? Tru64? Optimization
>  patches?

As an experiment, changing BPF_MAXBUFSIZE to 1MB, and changing libpcap
to use a 1MB buffer, on FreeBSD? (That might help the "whole packet
dumped" test.)

Somehow measuring how large the byte counts in the capture file "write()"
calls in FreeBSD and "WriteFile()" calls are?  (FreeBSD is probably
doing 8K writes, assuming it's writing to an 8K/1K file system; I don't
know what block size the MSVC++ version of the standard I/O library
uses, but it might well use bigger chunks than 8K.)

> Can those OO MSDN lobotomies actually be good things?

I'm not sure the parts of the OS that are actually involved are
particularly object-oriented; I have the impression most of the COM,
etc. stuff lives well up in userland on Windows.
