[Bro-Dev] snaplen and drops
Robin Sommer
robin at icir.org
Wed Oct 26 21:24:58 PDT 2011
On a reasonable fast Linux box seeing (currently) <10M/bps, I'm
getting lots packet drops with current master, even though CPU is very
low. I did the usual sysctl tuning, but that didn't help. Then I
reduced the snaplen (which now defaults to 65K) down to 8K, and the
drops disappeared.
That seems is quite an extreme effect of the new default value. Should
we reconsider and (1) use a smaller default, and/or (2) make the
snaplen accesible from the scripting layer (right now, there's only
-s; which doens't work well with BroControl).
Is there other tuning to get around the problem (with standard kernel,
not PF_RING etc.)?
Robin
--
Robin Sommer * Phone +1 (510) 722-6541 * robin at icir.org
ICSI/LBNL * Fax +1 (510) 666-2956 * www.icir.org
More information about the bro-dev
mailing list