[Oisf-devel] Linux af-packet::mmap enhancement
Victor Julien
victor at inliniac.net
Thu Jun 23 07:03:01 UTC 2011
On 06/22/2011 08:30 PM, chetan loke wrote:
> Hello,
>
> I recently came across the suricata project. I haven't looked at the
> suricata code in detail and know nothing about the architecture. So if
> my email doesn't make sense then please ignore it.
This certainly looks interesting to use in Suricata. We are currently
looking at adding AF_PACKET support, but we could use help. As you may
have seen on netdev David Miller is working on a cluster mode (FANOUT as
he calls it) for AF_PACKET, that looks very useful for us too.
> Around a month ago, I posted a patch(version1 on linux netdev) to enhance
> mmap->TPACKET_V2 style packet-capture on linux. The new proposed
> version 'TPACKET_V3' allows a user to essentially
> request an entire block of packets rather than grabbing
> packet-by-packet. The first link below explains the rationale of the
> logic. And the sample code demonstrates how to capture/flush an entire
> block.
Makes sense as a performance improvement.
> Note: The patch itself may/may-not get accepted. But I am planning on
> maintaining the patchset on the git repository mentioned below.
> Soon(next month or so) I will roll out a kernel-rpm(mostly based on
> FC15) and post it on the git repository. Thereafter, the plan is to
> keep posting newer kernel-rpms or patched kernel(after pulling from
> kernel.org) sources.
>
>
> 1) kernel patch - based on net-next.
>
> http://marc.info/?l=linux-netdev&m=130870868502003&w=3
> http://marc.info/?l=linux-kernel&m=130870870702028&w=3
> http://marc.info/?l=linux-netdev&m=130870873902061&w=3
I see you got no replies to it. On list anyway.
>
> 2) Sample user space C code:
> git://lolpcap.git.sourceforge.net/gitroot/lolpcap/lolpcap
>
> 3) Notice the use of priv_space in the block-header. Search for 'csum'
> in the sample C code.
> One can allocate say 'x' bytes and use it as a hole. Different
> threads can stash data before passing it along to other threads.
> The kernel does NOT clean up that private area on purpose. So if
> user space wants, that data can remain sticky.
> But user-space can also memset the entire/partial block before
> releasing it back to the kernel.
>
> 4) Counters are provided to find out if you need to:
> 4.1) allocate more blocks
> 4.2) increase the time-out.
Personally I won't have the cycles to look into this any time soon, but
would welcome help :)
Cheers,
Victor
--
---------------------------------------------
Victor Julien
http://www.inliniac.net/
PGP: http://www.inliniac.net/victorjulien.asc
---------------------------------------------
More information about the Oisf-devel
mailing list