segfault at 000000000311c000 rip 000000000040fb46 rsp 0000007fbffff830 error 4

[Peter Van Epp]

On Mon, May 04, 2009 at 03:31:19PM +0200, Gunnar Lindberg wrote:
> Carter & Peter,
> 
> Many thanks for prompt responses. We now have argus-3.0.1.beta.3
> in the air and so far everthing is fine - hopefully it will stay
> that way :-).
> 
> As for 1-6) I'll admit we need to go through them a few times more
> and see which of them we can make use of. Useful stuff, although
> we may be stopped by things like "local purchase policy".
> 
> 	Gunnar
> 

	The most useful one (DAG cards) is far more likely to hit sticker 
shock :-). I think they are in the $20,000 US range for a single channel (i.e.
you need two for FDX along with two machines which you already have). 
www.endace.com is their home. They are not cheap but they have the best chance 
of keeping up and because they time stamp the packets via an internal CPU on 
card they aren't subject to timestamp inaccuracy because of interrupt latency 
nor packet loss due to bus conflicts as there is an internal 4 meg buffer (as 
opposed to 65K on a standard 1 gig NIC card although they can still be impacted
by too slow system memory and not enough CPU to process the packets in time 
(Carter told me some time back that about a %50 loaded OC192 is about the best
he had seen, by now someone may have done better though). 
	Depending on your link utilization the most likely loss area is between
the kernel and libpcap in userland. Phil Wood's libpcap eliminates a copy 
in there by using mmap to remap the pages without a copy and will be the next
biggest help after DAG cards I expect. It can be found at 

http://public.lanl.gov/cpw/

and installed easily when last I did it (unlike pf-ring :-)). 

Peter Van Epp