Buffer size for capturing packets in kernel space?

Question

Buffer size for capturing packets in kernel space?

Go through the tcpdump man page here. It seems that the kernel can drop packets if the buffer is full. I was wondering if

1) this size is customizable and / or 2) Where can I see the size of my distribution?

From the man page (for convenience):

`` drop by kernel '' packages (this is the number of packages that were removed due to lack of buffer space by the packet capture mechanism in the OS running tcpdump, if the OS reports this information to applications, and if not, it will be reported like 0).

+5

linux unix linux-kernel networking network-programming

Anon Aug 08 '11 at 8:16

source share

2 answers

1) , , .

2) setsockopt / getsockopt SO_RCVBUF / SO_SNDBUF

Linux, , , . http://linux.die.net/man/7/socket

+1

young 08 . '11 20:43

ezpz · Accepted Answer · 2011-08-10T21:25:48+0000

, , , :

/proc/sys/net/core/netdev_max_backlog /proc/sys/net/core/netdev_budget. , , ; 2000.
/ tcpdump , recv
- -nn, DNS
- , gulp
, taskset
nice

, , . , .

Buffer size for capturing packets in kernel space?

More articles: