[Oisf-devel] innovation
Victor Julien
victor at inliniac.net
Mon Aug 23 09:52:58 UTC 2010
m wrote:
>> The main issue with nfqueue is performance. As discussed with Victor
>> Julien once, it is not possible to exceed a certain number of packets
>> per second (even if hardware is improved). This limit is quite annoying
>> and a better/faster queuing mechanism has to be developed to fix this
>> issue.
>
> No, the main issue with nfqueue is that it is a terminating target and
> diverts the packet to the next table, instead of going to the next rule
> in the table.
> The kernel can buffer packets pretty fast, that's its specialty.
Moving Suricata into the kernel seems like the wrong solution for fixing
that issue. Writing a new and better queuing mechanism would make more
sense.
Cheers,
Victor
--
---------------------------------------------
Victor Julien
http://www.inliniac.net/
PGP: http://www.inliniac.net/victorjulien.asc
---------------------------------------------