Re: Magic Lantern

Eric Weigle (ehw@lanl.gov)
Wed, 28 Nov 2001 12:33:41 -0700

On Wed, Nov 28, 2001 at 07:54:39PM +0100, Lars Brinkhoff wrote:
> Eric Weigle <ehw@lanl.gov> writes:
> > > > "Richard B. Johnson" <root@chaos.analogic.com> writes:
> > > > > Basically, a "tee" to capture all network packets and pass them
> > > > > on to a filtering task without affecting normal network activity.
> > > > The af_packet module can read and write raw ethernet frames.
> > The af_packet module may also be fairly inefficient. If you need
> > performance over, say, a gigabit link, you may have trouble.
>
> Are you (or anyone else) aware of any alternative?
I'm sure it's just something silly that's hurt the performance of the
af_packet module (perhaps already fixed, perhaps in my methodology :|)

For the purposes of the work I was doing here (totally unrelated to this
Magic Lantern BS, which I didn't even know what it was until after I posted
the first response in this thread), I just needed to saturate a gigE link for
testing. To do this I just used three boxes flooding UDP packets and that
worked. As far as traffic collection goes (which is what I was testing),
we went with another approach-- an optical tap to snarf off a copy of all
the data on a link, and then a custom kernel I hacked up to do the work
in the kernel itself (avoiding the kernel--user space copy and the stack
entirely). This is not for the faint of heart.

-Eric

-- 
--------------------------------------------
 Eric H. Weigle   CCS-1, RADIANT team
 ehw@lanl.gov     Los Alamos National Lab
 (505) 665-4937   http://home.lanl.gov/ehw/
--------------------------------------------
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/