[tcpdump-workers] Legacy Linux kernel support
mrugiero at gmail.com
Wed Apr 1 19:14:57 EDT 2020
OK, follow up.
I haven't yet been able to test it, which is why I've been delaying
writing about this,
but these two commits, which according to these threads
are the ones fixing
the timeout issue, have been applied to CentOS 7 default kernel,
It can also be seen by comparing vanilla 3.10 with the CentOS
the files located at net/packet/af_packet.c.
This *should* mean it works without the workaround. I'd like to try
it, but I'm currently
fighting with VirtualBox guest additions and in a metered connection
(I have no home
connection and my country is in quarantine), so I'm being rather
careful on my data
Now, if this is deemed insufficient, I have a test in mind that I may
as well have
early feedback on, with the following setup:
- libpcap with the workaround removed;
- vanilla and CentOS' kernels alternated;
- a 2MiB packet ring;
- a 64kiB block size and snaplen;
- timeout of 8ms;
- injection to a virtual interface at 1 packet every 20ms;
- a simple application that reads and do nothing on its peer.
I think that should give as a buffer small enough and a frequency low enough to
fill the buffer and result in observable packet loss.
Does it make sense? Any suggestions or criticisms to the setup? Is it necessary?
More information about the tcpdump-workers