Re: capturing packets in many concurrent processes

[Bruce M Simpson <bms () spc org>]

On Tue, Jul 06, 2004 at 06:11:06PM -0700, Anthony D. Minkoff wrote:
> I'm implementing several programs that use libpcap to monitor and 
> analyze network traffic.  I understand that each of these programs uses 
> a BPF device, so that the number of such processes I can have running 
> on a system concurrently is limited by the number of BPF devices I have 
> on the system.  By default, this is 4.
[snip]

More of a FreeBSD kernel question, really. In -CURRENT, bpf is auto-cloning,
so there is no need to do anything further.
In the case of -STABLE, it may even be as simple as running /dev/MAKEDEV
to create more /dev/bpf* device nodes.
You should be able to bump up the number of bpf instances in your kernel
configuration.

BMS
-
This is the tcpdump-workers list.
Visit https://lists.sandelman.ca/ to unsubscribe.