implementations。 Tests with Windows 2000 show usually better results than the Windows 98 ones because of the larger number of optimizations present in that driver (for example the delayed write capability)。
While the third test is the one that gives an indication of the overall performance of the WinPcap library, the fourth test is the most interesting from the end-user point of view。 This test confirms also that other part of the OS (the most noticeable is the file system managements) may have an importance that is far larger than the packet capture components。 In fact, Windows 2000 is able to receive almost all the packets on the network even if a non-negligible part of them are discarded because the impossibility to save them on disk。 From this perspective, FreeBSD (that saves data on the same FAT32 partition of Windows 98 and 2000) shows excellent results compared to the ones obtained in the previous tests。 The comparison among Windows 2000 saving on an NTFS or FAT32 partition shows that the file system technology itself is of primary importance for the overall performance of the capture process。
Notice that WinPcap has been used with the standard kernel buffer (1MB); in presence of heavy traffic the size of this buffer can be increased by the application through a simple function, improving noticeably the overall performance of the
system。 Vice versa, libpcap does not offer a method to set the kernel buffer and we had to modify it by hand in order to set it properly。
These tests show the excellent implementation of the NPF as well as the validity of architectural choices, like the circular kernel buffer instead of the original buffering architecture, the delayed write implementation and the update-space-during-copy in the kernel buffer。 Among the supported platforms, Windows 2000 is the best one for high performance network analyzers。 FreeBSD performance are rather surprising: we repeated all the tests with standard (32Kbytes) buffers but we did not get the differences that we expected; a large size for the kernel buffer does not seem to be able to influence substantially the performance of the capture process。
WinPcap has been proved being an excellent choice for the several applications that are based on high performance packet filtering on Win32 platforms。
We wish to thank all the people that, in several ways, collaborated with this project。 First of all, Piero Viano, Giampiero Alberelli, Fabio Magliano, Antonio Lantieri and Giovanni Meo, who started the implementation as a course work。 Thanks to all the Internet people (especially the tcpdump。org and Ethereal mailing lists) who sent us suggestions, bug fixing and source code that helped us to release a better tool。 Finally, we would like to thank Microsoft Research that partially supported our work。
An ad-hoc program has been used to test the monitoring capabilities of WinPcap。 Our tests confirm that CPU load is considerably low and that the results match exactly the ones already shown in Figure 5。 Figure 6 shows that the overall cost of a void application that captures at user level is far higher than kernel-mode monitoring。 The addiction of a further cost due to the monitoring code will give to the user-level application even worse results。 In addiction, user-level monitoring requires a non-negligible amount of memory。论文网
Even if these tests tend to isolate the impact of each subsystem (filtering, copying overhead), results are not able to show exactly the performance of the single
component。 This is due to the impossibility to isolate each component from interacting each one with the others and with the OS。
摘要 在许多组织中,数据库的开发从企业数据建模开始,企业数据建模确定了数据库的范围和一般内容。这一步骤通常发生在一个组织的信息系统规划的过程中,它的目的是帮助组织创建一个整体的数据描述或解释,而不是设计一个特定的数据库。一个特定数据库为一个或多个信息系统提供数据,而企业数据模型(可能涉及一些数据库)描述了由组织维护的数据范围。在企业数据建模中,你回顾了当前系统,需要对业务领域的本质进行分析,对抽象数据进行进一步的描述和规划一个或多个数据库开发项目。