Thu Nov 23 16:36:19 EST 2017
* "ps_recv" counts packets handed to the filter, not packets
* that passed the filter. As filtering is done in userland,
* this DOES NOT INCLUDE packets dropped because we ran out
* of buffer space.
* "ps_drop" counts packets dropped inside the DLPI service
* provider device device because of flow control requirements
* or resource exhaustion; it doesn't count packets dropped by
* the interface driver, or packets dropped upstream. As
* filtering is done in userland, it counts packets regardless
* of whether they would've passed the filter.
So, ps_drop/(ps_recv + ps_drop) is accurate for Solaris, at least as far
as the calculation goes....
More information about the Snort-users