[tcpdump-workers] Huge latency increase libpcap-1.4.0 -> libpcap-1.5.3

Guy Harris guy at alum.mit.edu
Fri Nov 14 18:38:51 EST 2014

On Nov 14, 2014, at 2:08 PM, Steve Bourland <sbourland at swri.edu> wrote:

> On Fri, 14 Nov 2014, Guy Harris wrote:
>> On Nov 14, 2014, at 1:17 PM, Steve Bourland <sbourland at swri.edu> wrote:
>>> I have some programs that suffered terrible performance degradation when moving from Ubuntu 12.04 to Ubuntu 14.04.
>> Are those programs capturing and processing network traffic, are they sending packets and expecting to receive a response, or are they doing something else?
> They are essentially servers, listening for specific packets and then building and sending the appropriate reply to the client.

OK, that's the same case, from the point of view of using libpcap, as the client case of sending packets and expecting to receive a response.

>> Is the performance issue one of high latency or of dropped packets when capturing?
> Sorry, the main concern I have is high latency,

As I suspected.

>> What timeout are you specifying with pcap_open_live() or pcap_set_timeout()?
> In the test program I am using 1 msec as the timeout for pcap_open_live...but then have a selectable fd and am using a select call to let me know when a packet arrives.

Well, 1 ms is the smallest that the timeout can get.

For PF_PACKET sockets, which are what libpcap uses on Linux, the TPACKET_V3 mechanism, which is the default in 1.5.0 and later and which works better for the packet-capture case, doesn't work well for the request-and-response application case.

I would suggest that:

	if the version of libpcap with which you're building has the pcap_set_immediate_mode() API, use pcap_create(), pcap_set_immediate_mode(), and pcap_activate() rather than pcap_open_live(), as libpcap falls back to TPACKET_V2 in immediate mode;

	otherwise, libpcap also doesn't support TPACKET_V3, so that's not an issue - keep using pcap_open_live() (unless you're already using pcap_create()/pcap_activate(), which first appeared in 1.0.0).

This may require a configure script, if you're OK with building from source different versions of the program for different machines, or some dlopen()/dlsym() trickery if you want to make a binary that'll work with both libpcap 1.5-and-later and earlier versions.

More information about the tcpdump-workers mailing list