Date: Mon, 14 Jul 2008 14:44:32 +0100 From: "Bruce M. Simpson" <bms@FreeBSD.org> To: Robin Sommer <robin@icir.org> Cc: freebsd-net@freebsd.org Subject: Re: BPF problems on FreeBSD 7.0 Message-ID: <487B5840.3000401@FreeBSD.org> In-Reply-To: <20080711202737.GB27418@icir.org> References: <20080711202737.GB27418@icir.org>
next in thread | previous in thread | raw e-mail | index | archive | help
Robin Sommer wrote: > Hi all, > > we're seeing some strange effects with our libpcap-based application > (the Bro network intrusion detection system) on a FreeBSD 7-RELEASE > system. As the application has always been running fine on 6.x, > we're wondering whether this might be triggered by any of the > changes that went into 7. > ... > I'm wondering whether anybody here has seen something similar or > might have an idea where to start looking for the cause. Any ideas? > One place to start might be: netstat -B output in 7.x (I *think* this got MFCed), this will let us see what the drop count is for the Bro process, and what the flags are for the open BPF descriptors in the system. I'm not hot on current BPF internals, but I hazard a guess this is related to BPF descriptor buffering -- an area where there have been changes, some of which I've eyeballed. cheers BMS
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?487B5840.3000401>