[Bro-Dev] snaplen and drops
Seth Hall
seth at icir.org
Thu Nov 3 06:42:10 PDT 2011
On Nov 3, 2011, at 8:58 AM, Lothar Braun wrote:
> I had a quick look at the libpcap (1.2.0) and the libdaq (0.6.2) code. It seems to me that both of them perform basically the same steps for packet acquisition.
>
> Both create a socket PF_PACKET socket, both request a shared memory area on the capturing rx_ring. And both perform similar operations during packet acquisition:
Did you look int the os-daq-modules/daq_afpacket.c file? DAQ implements the AF_PACKET support there.
.Seth
--
Seth Hall
International Computer Science Institute
(Bro) because everyone has a network
http://www.bro-ids.org/
More information about the bro-dev
mailing list