[Oisf-devel] the problem of suricata
Victor Julien
victor at inliniac.net
Wed Jan 5 16:42:46 UTC 2011
On 01/05/2011 03:39 AM, iswalker wrote:
> hi,when i read the codes of suricata,i found a problem ,the module of
> suricata is multithread, the thread of receiveing pakcets use memcpy
> function to EVERY pakcet, and this will make suricata slower, can when
> we use zero copy tech to erase memcp in the next release ?
>
> codes like the following:
>
> in source-pcap.c/ReceivePcap/PcapCallback function
>
> memcpy(p->pkt, pkt, p->pktlen);
We have discussed this before here:
https://redmine.openinfosecfoundation.org/issues/197
The problem is that the libraries we rely on to get us packets (like
libpcap and libnetfilter_queue) don't store buffers. So if we work with
a pointer as supplied by these libraries, we may at some point work with
invalid data.
Ideas are very much welcome though!
Cheers,
Victor
--
---------------------------------------------
Victor Julien
http://www.inliniac.net/
PGP: http://www.inliniac.net/victorjulien.asc
---------------------------------------------
More information about the Oisf-devel
mailing list