Hacker News new | past | comments | ask | show | jobs | submit login

You can get zero-copy for tcpdump with PF_RING or netmap.



I'm aware of libpcap's ability to share memory with a user buffer, but I didn't find any mention that tcpdump utility is actually written to exploit it for extra fast writes.

Look here how they handle this in stenographer: https://github.com/google/stenographer/blob/65fb928e6bce276c...

I guess that in principle they could have patched tcpdump, but it's probably easier to have a smaller software written to do exactly what you want rather than extend a general purpose mature complex tool such as tcpdump.




Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact

Search: