[Oisf-users] FreeBSD NETMAP guide

Peter Manev petermanev at gmail.com
Thu Mar 10 12:43:59 UTC 2016


On Thu, Mar 10, 2016 at 1:35 PM, Victor Julien <lists at inliniac.net> wrote:
> The wiki would be a great place to start:
> https://redmine.openinfosecfoundation.org/projects/suricata/wiki
>

and there are some helpful initial installation steps for netmap and
suricata that can be found here as well as part of the ticket (thanks
Vadim) -
https://redmine.openinfosecfoundation.org/issues/1714
(though this is for CentOS 6.7 based Linux with 4.1.16 kernel)

> On 10-03-16 13:29, Cloherty, Sean E wrote:
>>  . . . and I can't be the only one hoping for the same for CentOS...
>>
>> -----Original Message-----
>> From: Oisf-users [mailto:oisf-users-bounces at lists.openinfosecfoundation.org] On Behalf Of elof2 at sentor.se
>> Sent: Thursday, March 10, 2016 06:48 AM
>> To: oisf-users at lists.openinfosecfoundation.org
>> Subject: [Oisf-users] FreeBSD NETMAP guide
>>
>> Hi all, especially FreeBSD users.
>>
>> In the docs directory there's an old textfile for FreeBSD 8.
>>
>> I would greatly appreciate it if the FreeBSD users merged together an updated textfile with hints, tips and tricks for FreeBSD 10.x/11.x, with the new NETMAP support.
>>
>>
>>
>> Examples of topics I'd like:
>>
>> What hardware (NICs) is known to work well?
>>
>> rc.conf
>> - give examples and explain that e.g. options "-lro" and "monitor" should be used (for IDS mode)
>>
>>
>> What tweaks to put in /etc/sysctl.conf (and /boot/loader.conf???).
>> - net.bpf.zerocopy_enable=1 ?
>> - net.bpf.maxbufsize= huge number? How large? 15% of total RAM?
>> - kern.ipc.maxsockbuf? kern.threads.max_threads_per_proc? dev.ix.0.fc=0?
>> - etc
>>
>>
>> What config/tweaks to put in suricata.yaml
>> - specifically for NETMAP
>> - Mapping CPUs to queues
>> - recommended runmode
>> - etc
>>
>>
>>
>> If you people can feed me your thoughts and experiences, I'm happy to
>> put together a new textfile (FreeBSD.NETMAP.txt) for the docs dir.
>>
>>
>>
>>
>> It's time to show the world that linux+PF-RING isn't the only way to go.
>>
>> /Elof
>> _______________________________________________
>> Suricata IDS Users mailing list: oisf-users at openinfosecfoundation.org
>> Site: http://suricata-ids.org | Support: http://suricata-ids.org/support/
>> List: https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
>> Suricata User Conference November 9-11 in Washington, DC: http://oisfevents.net
>>
>
>
> --
> ---------------------------------------------
> Victor Julien
> http://www.inliniac.net/
> PGP: http://www.inliniac.net/victorjulien.asc
> ---------------------------------------------
>



-- 
Regards,
Peter Manev


