[Oisf-devel] Suricata, PF_RING, and subinterfaces

Victor Julien victor at inliniac.net
Fri Jul 22 07:05:28 UTC 2011

On 07/22/2011 12:09 AM, Will Metcalf wrote:
> Luca recently changed the API; packets are now passed as reference.
> Victor has a patch in his inbox for suricata to work with the latest

Just pushed this out.

> PF_RING.  Additionally currently we always assign a cluster-id even if
> we only have a single cluster member, this seems to be broken in
> PF_RING using multiple interfaces i.e. eth0 and eth1 can't both be
> members of cluster 99, so I'm not sure what this means for your bonded
> interface but perhaps we should do some check like if the receive
> threads < 2 and cluster-id isn't specified don't assign one, if
> receive threads > 1 and no cluster-id is assigned bail...  We are also
> working on support for multiple interfaces for PF_RING but clustering
> complicates things so --pfring-int eth0 --pfring-int eth1, similar to
> pcap.

Accepting patches :)

Victor Julien
PGP: http://www.inliniac.net/victorjulien.asc
