From jonkman at jonkmans.com Tue Jul 28 16:51:59 2009 From: jonkman at jonkmans.com (Matt Jonkman) Date: Tue, 28 Jul 2009 16:51:59 -0400 Subject: [Oisf-wg-nonstandardacceleration] OISF Non-Standard Acceleration Working Group Kickoff Message-ID: <4A6F64EF.7000200@jonkmans.com> Thanks to all for joining this group and showing your interest! This group has the responsibility of making recommendations regarding the use, feasibility of, and implementation of non-standard hardware and other acceleration methods. The group is primarily focused on OpenCL and CUDA uses of standard graphics cards. Other subjects related are welcome. Please feel free to contribute! This is a discussion. Jason MacLulich (Jason.MacLulich at endace.com) is the lead of this group. his responsibility here will be to spark discussion, steer us to stay out of tangents, and summarize the final recommendations. Recommendations are due by August 12. The group has wiki space available for all to use at: http://doc.emergingthreats.net/bin/view/Main/NonStandardAccelerationWG The primary questions to make recommendations about are: * Is graphics card acceleration feasible for IDS use? * If so what implementations are best for use here, and licensed appropriately? * if above true is this a feature the foundation might feasibly implement in it's phase one development cycle for release December 31 2009? Thanks Jason and Anoop for leading this group. I think everyone will find both of their experience in the field enlightening. Can you open us up by explaining what's out there gentlemen? Thanks Matt -- -------------------------------------------- Matthew Jonkman Emerging Threats Phone 765-429-0398 Fax 312-264-0205 http://www.emergingthreats.net -------------------------------------------- PGP: http://www.jonkmans.com/mattjonkman.asc From victor at inliniac.net Tue Jul 28 17:54:55 2009 From: victor at inliniac.net (Victor Julien) Date: Tue, 28 Jul 2009 23:54:55 +0200 Subject: [Oisf-wg-nonstandardacceleration] OISF Non-Standard Acceleration Working Group Kickoff In-Reply-To: <4A6F64EF.7000200@jonkmans.com> References: <4A6F64EF.7000200@jonkmans.com> Message-ID: <4A6F73AF.8070909@inliniac.net> Matt Jonkman wrote: > * Is graphics card acceleration feasible for IDS use? I think the pixelsnort and gnort papers have shown that using the GPU definitely has potential. At really high speeds I wonder if the bus is going to be fast enough though. But even if it's not suitable for 10G speeds but it helps getting to 1G it could be useful for many... > * If so what implementations are best for use here, and licensed > appropriately? OpenCL seems interesting as it's basically a vendor neutral CUDA. OpenCL however is still so new that most implementations are still of alpha quality. Anyone have any experience with OpenCL? > * if above true is this a feature the foundation might feasibly > implement in it's phase one development cycle for release December 31 2009? Personally I think we can do a basic pattern matching implementation in OpenCL for Phase 1. Anoop has come quite far already. Right now driver bugs have stopped him but I'm sure he can finish it up in time if the driver is fixed. Cheers! Victor -- --------------------------------------------- Victor Julien http://www.inliniac.net/ PGP: http://www.inliniac.net/victorjulien.asc --------------------------------------------- From dave.remien at gmail.com Tue Jul 28 18:46:35 2009 From: dave.remien at gmail.com (Dave Remien) Date: Tue, 28 Jul 2009 16:46:35 -0600 Subject: [Oisf-wg-nonstandardacceleration] OISF Non-Standard Acceleration Working Group Kickoff In-Reply-To: <4A6F73AF.8070909@inliniac.net> References: <4A6F64EF.7000200@jonkmans.com> <4A6F73AF.8070909@inliniac.net> Message-ID: <2af341ab0907281546g577f2945r3cf0484a7e6e755d@mail.gmail.com> On Tue, Jul 28, 2009 at 3:54 PM, Victor Julien wrote: > Matt Jonkman wrote: > > * Is graphics card acceleration feasible for IDS use? > > I think the pixelsnort and gnort papers have shown that using the GPU > definitely has potential. At really high speeds I wonder if the bus is > going to be fast enough though. While looking to see if the Core I7 world was going anywhere yesterday, I saw a dual Socket 1366 Supermicro mobo (MBD-X8DTH-6F-O) with 7 PCIE sockets. Given the QuickPath stuff and the dual SouthBridges, should be able to get well into the multi-gig range if multiple GPUs can help with the matching. And on to the next bottleneck... > But even if it's not suitable for 10G speeds but it helps getting to 1G > it could be useful for many... > Even one GPU card should be good for 1-2Gbit/sec on a dual socket Core2 mobo (real world traffic). > > > * If so what implementations are best for use here, and licensed > > appropriately? > > OpenCL seems interesting as it's basically a vendor neutral CUDA. OpenCL > however is still so new that most implementations are still of alpha > quality. > > Anyone have any experience with OpenCL? > > > * if above true is this a feature the foundation might feasibly > > implement in it's phase one development cycle for release December 31 > 2009? > > Personally I think we can do a basic pattern matching implementation in > OpenCL for Phase 1. Anoop has come quite far already. Right now driver > bugs have stopped him but I'm sure he can finish it up in time if the > driver is fixed. > Looking forward to getting my hands on something... 8-) Cheers! Dave -- "Of course, someone who knows more about this will correct me if I'm wrong, and someone who knows less will correct me if I'm right." David Palmer (palmer at tybalt.caltech.edu) -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.openinfosecfoundation.org/pipermail/oisf-wg-nonstandardacceleration/attachments/20090728/d2f48daf/attachment.html From Jason.MacLulich at endace.com Tue Jul 28 19:31:05 2009 From: Jason.MacLulich at endace.com (Jason MacLulich) Date: Wed, 29 Jul 2009 11:31:05 +1200 Subject: [Oisf-wg-nonstandardacceleration] OISF Non-StandardAcceleration Working Group Kickoff In-Reply-To: <2af341ab0907281546g577f2945r3cf0484a7e6e755d@mail.gmail.com> References: <4A6F64EF.7000200@jonkmans.com> <4A6F73AF.8070909@inliniac.net> <2af341ab0907281546g577f2945r3cf0484a7e6e755d@mail.gmail.com> Message-ID: <659F626D666070439A4A5965CD6EBF4002388898@gazelle.ad.endace.com> > Anyone have any experience with OpenCL? I've been sticking with C for CUDA, because of the immaturity of OpenCL. > Personally I think we can do a basic pattern matching implementation in > OpenCL for Phase 1. Anoop has come quite far already. Right now driver > bugs have stopped him but I'm sure he can finish it up in time if the > driver is fixed. Be good to get more details on this: - what pattern matching algorithm or variation is being implemented? - details on how the threading model, kernel instantiations, etc.. - have we got any performance statistics? - what are the driver BUGS that are preventing this work from being completed. - any code I can look at? Doesn't seem to be anything in the source repository. Cheers, Jason. From poonaatsoc at gmail.com Wed Jul 29 01:46:41 2009 From: poonaatsoc at gmail.com (Anoop Saldanha) Date: Wed, 29 Jul 2009 11:16:41 +0530 Subject: [Oisf-wg-nonstandardacceleration] OISF Non-StandardAcceleration Working Group Kickoff In-Reply-To: <659F626D666070439A4A5965CD6EBF4002388898@gazelle.ad.endace.com> References: <4A6F64EF.7000200@jonkmans.com> <4A6F73AF.8070909@inliniac.net> <2af341ab0907281546g577f2945r3cf0484a7e6e755d@mail.gmail.com> <659F626D666070439A4A5965CD6EBF4002388898@gazelle.ad.endace.com> Message-ID: On Wed, Jul 29, 2009 at 5:01 AM, Jason MacLulich wrote: > > > Anyone have any experience with OpenCL? > > I've been sticking with C for CUDA, because of the immaturity of OpenCL. > > > Personally I think we can do a basic pattern matching implementation > in > > OpenCL for Phase 1. Anoop has come quite far already. Right now driver > > bugs have stopped him but I'm sure he can finish it up in time if the > > driver is fixed. > > Be good to get more details on this: > - what pattern matching algorithm or variation is being > implemented? > - details on how the threading model, kernel > instantiations, etc.. > - have we got any performance statistics? > - what are the driver BUGS that are preventing this work from > being completed. > - any code I can look at? Doesn't seem to be anything in the > source repository. > > Cheers, Jason. > _______________________________________________ > We carried out a POC for a 2 gram version of b2g using OpenCL on the nvidia driver. We have no performance statistics. The driver behaviour was inconsistent, with bugs resulting from things like seg fault by just modifying a kernel's name to backtraces for defining a temp variable in the kernel with "int temp = 50"(reported to nvidia). We haven't got any code into the source repository. We are still in the implementation phase, which we have deferred for now, because of some bugs in the driver. -- Regards, Anoop Saldanha -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.openinfosecfoundation.org/pipermail/oisf-wg-nonstandardacceleration/attachments/20090729/dc699ad4/attachment.html From Jason.MacLulich at endace.com Wed Jul 29 01:56:19 2009 From: Jason.MacLulich at endace.com (Jason MacLulich) Date: Wed, 29 Jul 2009 17:56:19 +1200 Subject: [Oisf-wg-nonstandardacceleration] OISF Non-StandardAccelerationWorking Group Kickoff In-Reply-To: References: <4A6F64EF.7000200@jonkmans.com> <4A6F73AF.8070909@inliniac.net><2af341ab0907281546g577f2945r3cf0484a7e6e755d@mail.gmail.com><659F626D666070439A4A5965CD6EBF4002388898@gazelle.ad.endace.com> Message-ID: <659F626D666070439A4A5965CD6EBF40023889DA@gazelle.ad.endace.com> Are u dev'ing in a branch? Can we see current progress? From: oisf-wg-nonstandardacceleration-bounces at openinfosecfoundation.org [mailto:oisf-wg-nonstandardacceleration-bounces at openinfosecfoundation.org] On Behalf Of Anoop Saldanha Sent: Wednesday, July 29, 2009 5:47 PM To: Discussion of OpenCL and Cuda acceleration Subject: Re: [Oisf-wg-nonstandardacceleration] OISF Non-StandardAccelerationWorking Group Kickoff On Wed, Jul 29, 2009 at 5:01 AM, Jason MacLulich wrote: > Anyone have any experience with OpenCL? I've been sticking with C for CUDA, because of the immaturity of OpenCL. > Personally I think we can do a basic pattern matching implementation in > OpenCL for Phase 1. Anoop has come quite far already. Right now driver > bugs have stopped him but I'm sure he can finish it up in time if the > driver is fixed. Be good to get more details on this: ? ? ? ?- what pattern matching algorithm or variation is being implemented? ? ? ? ? ? ? ? ?- details on how the threading model, kernel instantiations, etc.. ? ? ? ?- have we got any performance statistics? ? ? ? ?- what are the driver BUGS that are preventing this work from being completed. ? ? ? ?- any code I can look at? Doesn't seem to be anything in the source repository. Cheers, Jason. _______________________________________________ We carried out a POC for a 2 gram version of b2g using OpenCL on the nvidia driver.? We have no performance statistics.? The driver behaviour was inconsistent, with bugs resulting from things like seg fault by just modifying a kernel's name to backtraces for defining a temp variable in the kernel with "int temp = 50"(reported to nvidia). We haven't got any code into the source repository.? We are still in the implementation phase, which we have deferred for now, because of some bugs in the driver. -- Regards, Anoop Saldanha From Jason.MacLulich at endace.com Wed Jul 29 01:57:30 2009 From: Jason.MacLulich at endace.com (Jason MacLulich) Date: Wed, 29 Jul 2009 17:57:30 +1200 Subject: [Oisf-wg-nonstandardacceleration] OISFNon-StandardAccelerationWorking Group Kickoff In-Reply-To: <659F626D666070439A4A5965CD6EBF40023889DA@gazelle.ad.endace.com> References: <4A6F64EF.7000200@jonkmans.com><4A6F73AF.8070909@inliniac.net><2af341ab0907281546g577f2945r3cf0484a7e6e755d@mail.gmail.com><659F626D666070439A4A5965CD6EBF4002388898@gazelle.ad.endace.com> <659F626D666070439A4A5965CD6EBF40023889DA@gazelle.ad.endace.com> Message-ID: <659F626D666070439A4A5965CD6EBF40023889DB@gazelle.ad.endace.com> My mistake, didn't see the comment about no source in the repository, any chance we can get what's done checked into a branch? -----Original Message----- From: oisf-wg-nonstandardacceleration-bounces at openinfosecfoundation.org [mailto:oisf-wg-nonstandardacceleration-bounces at openinfosecfoundation.org] On Behalf Of Jason MacLulich Sent: Wednesday, July 29, 2009 5:56 PM To: Discussion of OpenCL and Cuda acceleration Subject: Re: [Oisf-wg-nonstandardacceleration] OISFNon-StandardAccelerationWorking Group Kickoff Are u dev'ing in a branch? Can we see current progress? From: oisf-wg-nonstandardacceleration-bounces at openinfosecfoundation.org [mailto:oisf-wg-nonstandardacceleration-bounces at openinfosecfoundation.org] On Behalf Of Anoop Saldanha Sent: Wednesday, July 29, 2009 5:47 PM To: Discussion of OpenCL and Cuda acceleration Subject: Re: [Oisf-wg-nonstandardacceleration] OISF Non-StandardAccelerationWorking Group Kickoff On Wed, Jul 29, 2009 at 5:01 AM, Jason MacLulich wrote: > Anyone have any experience with OpenCL? I've been sticking with C for CUDA, because of the immaturity of OpenCL. > Personally I think we can do a basic pattern matching implementation in > OpenCL for Phase 1. Anoop has come quite far already. Right now driver > bugs have stopped him but I'm sure he can finish it up in time if the > driver is fixed. Be good to get more details on this: ? ? ? ?- what pattern matching algorithm or variation is being implemented? ? ? ? ? ? ? ? ?- details on how the threading model, kernel instantiations, etc.. ? ? ? ?- have we got any performance statistics? ? ? ? ?- what are the driver BUGS that are preventing this work from being completed. ? ? ? ?- any code I can look at? Doesn't seem to be anything in the source repository. Cheers, Jason. _______________________________________________ We carried out a POC for a 2 gram version of b2g using OpenCL on the nvidia driver.? We have no performance statistics.? The driver behaviour was inconsistent, with bugs resulting from things like seg fault by just modifying a kernel's name to backtraces for defining a temp variable in the kernel with "int temp = 50"(reported to nvidia). We haven't got any code into the source repository.? We are still in the implementation phase, which we have deferred for now, because of some bugs in the driver. -- Regards, Anoop Saldanha _______________________________________________ Oisf-wg-nonstandardacceleration mailing list Oisf-wg-nonstandardacceleration at openinfosecfoundation.org http://lists.openinfosecfoundation.org/mailman/listinfo/oisf-wg-nonstandardacceleration From robert.jamison at bt.com Wed Jul 29 12:18:05 2009 From: robert.jamison at bt.com (robert.jamison@bt.com) Date: Wed, 29 Jul 2009 17:18:05 +0100 Subject: [Oisf-wg-nonstandardacceleration] Oisf-wg-nonstandardacceleration Digest, Vol 1, Issue 2 In-Reply-To: References: Message-ID: <3839DD5BC9EE23459E6FAC536A2805370937A2E4@E03MVY2-UKDY.domain1.systemhost.net> Re:OpenCL Wikipedia has some good examples for getting starting and then building an FF transform: http://en.wikipedia.org/wiki/OpenCL Java binding for OpenCL here (not to plug java as a dev lang, just that someone is) http://jopencl.sourceforge.net/ RE:Work already done with CUDA Gnort: http://gpgpu.org/2008/10/26/gnort-high-performance-network-intrusion-det ection-using-graphics-processors Rob -----Original Message----- From: oisf-wg-nonstandardacceleration-bounces at openinfosecfoundation.org [mailto:oisf-wg-nonstandardacceleration-bounces at openinfosecfoundation.or g] On Behalf Of oisf-wg-nonstandardacceleration-request at openinfosecfoundation.org Sent: Wednesday, July 29, 2009 12:00 PM To: oisf-wg-nonstandardacceleration at openinfosecfoundation.org Subject: Oisf-wg-nonstandardacceleration Digest, Vol 1, Issue 2 Send Oisf-wg-nonstandardacceleration mailing list submissions to oisf-wg-nonstandardacceleration at openinfosecfoundation.org To subscribe or unsubscribe via the World Wide Web, visit http://lists.openinfosecfoundation.org/mailman/listinfo/oisf-wg-nonstand ardacceleration or, via email, send a message with subject or body 'help' to oisf-wg-nonstandardacceleration-request at openinfosecfoundation.org You can reach the person managing the list at oisf-wg-nonstandardacceleration-owner at openinfosecfoundation.org When replying, please edit your Subject line so it is more specific than "Re: Contents of Oisf-wg-nonstandardacceleration digest..." Today's Topics: 1. Re: [Oisf-wg-nonstandardacceleration] OISFNon-StandardAccelerationWorking Group Kickoff (Jason MacLulich) ---------------------------------------------------------------------- Message: 1 Date: Wed, 29 Jul 2009 17:57:30 +1200 From: "Jason MacLulich" Subject: Re: [Oisf-wg-nonstandardacceleration] OISFNon-StandardAccelerationWorking Group Kickoff To: "Discussion of OpenCL and Cuda acceleration" Message-ID: <659F626D666070439A4A5965CD6EBF40023889DB at gazelle.ad.endace.com> Content-Type: text/plain; charset="iso-8859-1" My mistake, didn't see the comment about no source in the repository, any chance we can get what's done checked into a branch? -----Original Message----- From: oisf-wg-nonstandardacceleration-bounces at openinfosecfoundation.org [mailto:oisf-wg-nonstandardacceleration-bounces at openinfosecfoundation.or g] On Behalf Of Jason MacLulich Sent: Wednesday, July 29, 2009 5:56 PM To: Discussion of OpenCL and Cuda acceleration Subject: Re: [Oisf-wg-nonstandardacceleration] OISFNon-StandardAccelerationWorking Group Kickoff Are u dev'ing in a branch? Can we see current progress? From: oisf-wg-nonstandardacceleration-bounces at openinfosecfoundation.org [mailto:oisf-wg-nonstandardacceleration-bounces at openinfosecfoundation.or g] On Behalf Of Anoop Saldanha Sent: Wednesday, July 29, 2009 5:47 PM To: Discussion of OpenCL and Cuda acceleration Subject: Re: [Oisf-wg-nonstandardacceleration] OISF Non-StandardAccelerationWorking Group Kickoff On Wed, Jul 29, 2009 at 5:01 AM, Jason MacLulich wrote: > Anyone have any experience with OpenCL? I've been sticking with C for CUDA, because of the immaturity of OpenCL. > Personally I think we can do a basic pattern matching implementation in > OpenCL for Phase 1. Anoop has come quite far already. Right now driver > bugs have stopped him but I'm sure he can finish it up in time if the > driver is fixed. Be good to get more details on this: ? ? ? ?- what pattern matching algorithm or variation is being implemented? ? ? ? ? ? ? ? ?- details on how the threading model, kernel instantiations, etc.. ? ? ? ?- have we got any performance statistics? ? ? ? ?- what are the driver BUGS that are preventing this work from being completed. ? ? ? ?- any code I can look at? Doesn't seem to be anything in the source repository. Cheers, Jason. _______________________________________________ We carried out a POC for a 2 gram version of b2g using OpenCL on the nvidia driver.? We have no performance statistics.? The driver behaviour was inconsistent, with bugs resulting from things like seg fault by just modifying a kernel's name to backtraces for defining a temp variable in the kernel with "int temp = 50"(reported to nvidia). We haven't got any code into the source repository.? We are still in the implementation phase, which we have deferred for now, because of some bugs in the driver. -- Regards, Anoop Saldanha _______________________________________________ Oisf-wg-nonstandardacceleration mailing list Oisf-wg-nonstandardacceleration at openinfosecfoundation.org http://lists.openinfosecfoundation.org/mailman/listinfo/oisf-wg-nonstand ardacceleration ------------------------------ _______________________________________________ Oisf-wg-nonstandardacceleration mailing list Oisf-wg-nonstandardacceleration at openinfosecfoundation.org http://lists.openinfosecfoundation.org/mailman/listinfo/oisf-wg-nonstand ardacceleration End of Oisf-wg-nonstandardacceleration Digest, Vol 1, Issue 2 ************************************************************* From victor at inliniac.net Thu Jul 30 03:24:40 2009 From: victor at inliniac.net (Victor Julien) Date: Thu, 30 Jul 2009 09:24:40 +0200 Subject: [Oisf-wg-nonstandardacceleration] OISF Non-Standard Acceleration Working Group Kickoff In-Reply-To: <2af341ab0907281546g577f2945r3cf0484a7e6e755d@mail.gmail.com> References: <4A6F64EF.7000200@jonkmans.com> <4A6F73AF.8070909@inliniac.net> <2af341ab0907281546g577f2945r3cf0484a7e6e755d@mail.gmail.com> Message-ID: <4A714AB8.7060206@inliniac.net> Dave Remien wrote: > I think the pixelsnort and gnort papers have shown that using the GPU > definitely has potential. At really high speeds I wonder if the bus is > going to be fast enough though. > > > While looking to see if the Core I7 world was going anywhere yesterday, > I saw a dual Socket 1366 Supermicro mobo (MBD-X8DTH-6F-O) with 7 PCIE > sockets. Given the QuickPath stuff and the dual SouthBridges, should be > able to get well into the multi-gig range if multiple GPUs can help with > the matching. Okay cool, so we can assume that bus won't get in the way. At least it won't be a reason not to pursue GPU processing. > And on to the next bottleneck... Amen! > But even if it's not suitable for 10G speeds but it helps getting to 1G > it could be useful for many... > > > Even one GPU card should be good for 1-2Gbit/sec on a dual socket Core2 > mobo (real world traffic). I think for many this would be very useful. While this is something the CPU can do as well with the help of the GPU an admin maybe could enable more sigs, other inspection. Cheers, Victor -- --------------------------------------------- Victor Julien http://www.inliniac.net/ PGP: http://www.inliniac.net/victorjulien.asc ---------------------------------------------