[Oisf-users] For those who haven't read this

Matt Jonkman jonkman at jonkmans.com
Wed Jul 21 20:00:05 UTC 2010

On 7/21/10 2:58 PM, Robert Vineyard wrote:
> http://vrt-sourcefire.blogspot.com/2010/06/single-threaded-data-processing.html
> Here's another link (a writeup by Marty Roesch of Sourcefire) referenced
> from the article you mentioned.
> In light of this discussion, does OISF / Suricata have a response to
> Sourcefire's critique of a multi-threaded engine model that uses several
> threads to process the same data simultaneously? It seems to me that the
> most efficient way to do things would be to have a front-end load-balancer
> that could distribute the traffic to multiple back-end threads or processes
> that would each operate on independent data streams. This is the strategy
> employed by Endace and others to accomplish high-throughput IDS inspection.

I'll leave this for Victor and Will to answer in detail, but that's
about where we're going.

Now nobody is saying that 4 cores gives you a 4-fold performance
increase. It's something less than that. But it's our only way forward.
The processors aren't going to get faster.

> On a related note, are there any plans to implement native acceleration
> support for other vendors besides Endace (in particular Napatech / nPulse)?

Yes! As Randy mentioned they're building it now. We'll have news about
this very shortly as far as membership and support!


> Thanks!
> --
> [ Robert Vineyard | RHCE, Security+ ]    [ robert.vineyard at oit.gatech.edu  ]
> [ Information Security Engineer III ]    [ 404.385.6900 | FAX 404.894.9548 ]
> [Finding a needle in a haystack isn't hard when every straw is computerized]
> On 07/21/2010 07:05 AM, Kevin Ross wrote:
>> http://vrt-sourcefire.blogspot.com/2010/07/innovation-you-keep-using-that-word.html?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Vrt+(Sourcefire+VRT+-+Vulnerability+Research%2C+Snort+Rules+and+Explosions)
>> _______________________________________________
>> Oisf-users mailing list
>> Oisf-users at openinfosecfoundation.org
>> http://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users


Matthew Jonkman
Emerging Threats
Open Information Security Foundation (OISF)
Phone 765-429-0398
Fax 312-264-0205

PGP: http://www.jonkmans.com/mattjonkman.asc
