zeek/testing/btest/Baseline/core.pcap.wrong-format at 49f82b325baefd330ddea9f9b66c4cdaa3bc9bec - Mirror/zeek

mirror of https://github.com/zeek/zeek.git synced 2025-10-02 14:48:21 +00:00

History

Arne Welzel 7fac5837c3 iosource/pcap: Support configurable buffer size On Linux with a default ext4 or tmpfs filesystem, the default buffer size for reading a pcap is chosen as 4k (strace/gdb validated). When reading large pcaps containing raw data transfers, the syscall overhead for read becomes visible in profiles. Support configurability of the buffer size and default to 128kb. When processing a ~830M PCAP (16 UDP connections, each transferring ~50MB) in bare mode, this change improves runtime from 1.39 sec to 1.29 sec. Increasing the buffer further didn't provide a noticeable boost.	2023-10-10 15:08:51 +02:00
..
output	iosource/pcap: Support configurable buffer size	2023-10-10 15:08:51 +02:00
output2	iosource/pcap: Support configurable buffer size	2023-10-10 15:08:51 +02:00

Arne Welzel 7fac5837c3 iosource/pcap: Support configurable buffer size

On Linux with a default ext4 or tmpfs filesystem, the default buffer size for
reading a pcap is chosen as 4k (strace/gdb validated). When reading large pcaps
containing raw data transfers, the syscall overhead for read becomes visible
in profiles. Support configurability of the buffer size and default to 128kb.

When processing a ~830M PCAP (16 UDP connections, each transferring ~50MB) in
bare mode, this change improves runtime from 1.39 sec to 1.29 sec. Increasing
the buffer further didn't provide a noticeable boost.

2023-10-10 15:08:51 +02:00

output

iosource/pcap: Support configurable buffer size

2023-10-10 15:08:51 +02:00

output2

iosource/pcap: Support configurable buffer size

2023-10-10 15:08:51 +02:00