[Bro] Number of simultaneous pcap_open calls per interface

Jason Chambers jchambers at ucla.edu
Wed Apr 21 22:28:46 PDT 2010

Hello all,

Can anyone explain the number of, and reasoning behind, multiple
pcap_open calls to the same interface ?  Is one used for each type of
analyzer ?

While experimenting with certain hardware I noticed a continuous stream
of errors due to exclusive usage limitations of the capture card.

(And if it's not too confusing I'd be interested to hear if and how the
Zero-copy buffer mode detailed in bpf(4) on FreeBSD might be utilized
within Bro).



