[Oisf-users] What are capture.kernel_packets, capture.kernel_drops

[Charles DeVoe]

in the stats file there are 2 values of interest, capture.kernel_packets, capture.kernel_drops.  
I believe that capture.kernel_packets would be the total number of packets for each thread,  capture.kernel_drops would be the number of capture.kernel_packets dropped.  Hence capture.kernel_packets should always be greater than capture.kernel_drops.  However, this does not appear to be the case.  We have many instances where the number of capture.kernel_packets is less than capture.kernel_drops.  Indicating we are dropping more packets than we receive.  

The question here is what are these two values and how are they derived?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openinfosecfoundation.org/pipermail/oisf-users/attachments/20141008/00409211/attachment.html>