A. Biswas and P. Sinha (Canada)
Packet capture, high performance network processing.
In a network intrusion detection and network alarm
management system the packet capturing component is a
bottleneck. NAPI and PFRING, which attempt to improve
packet capturing performance of Linux, are inefficient.
We identified the hurdles and have implemented an user
space architecture (DMA ring) to capture packets under
high network load on a modest commodity platform. We
demonstrate that our user space network processing
architecture outperforms NAPI, PFRING and Linux in
terms of less CPU utilization and no packet loss.