[Oisf-users] Suricata on 8 cores, ~70K packets/sec

Victor Julien victor at inliniac.net
Mon Feb 21 19:21:47 UTC 2011

On 02/21/2011 07:06 AM, Chris Wakelin wrote:
> On 18/02/11 02:01, Victor Julien wrote:
>> On 02/17/2011 09:16 AM, Chris Wakelin wrote:
>>> I've tried increasing the stream reassembly memcap to 512mb, and it
>>> still seems to use it all. I've not had any flow emergency mode recently
>>> though.
>> If you have the memory, try increasing it more :)
> I've increased it to 1Gb which was enough for one of the servers, but
> the other one still runs out. I'll try 2Gb!

You can go up to 4GB, as the memory tracking is done with 32-bit
unsigned integers.

> It's happening again! I've tried running "strace" against the PID of the
> Decode1 thread, and got lots of

Jason Ish just found that our flow hashing function is far from optimal,
possibly resulting in a very unbalanced hash table. This in turn could
significantly slow down the decode thread... maybe that is what is
happening here...

I'll try to see if I can get a better function in there at the end of
the week.


Victor Julien
PGP: http://www.inliniac.net/victorjulien.asc
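
An added example, not part of the original message and not Suricata's code, showing how a poorly mixing flow hash unbalances a hash table so that every lookup on the decode path walks a long bucket chain. The additive hash, the table size and the traffic pattern are all assumptions constructed for illustration; FNV-1a is used only as a stand-in for a better-mixing function.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define NBUCKETS 65536u  /* hypothetical table size, not Suricata's setting */

/* Constructed 5-tuple; the field layout is illustrative only. */
struct flow_key { uint32_t src, dst; uint16_t sp, dp; uint8_t proto; };
typedef uint32_t (*hash_fn)(const struct flow_key *);

/* Hypothetical weak hash: plain addition, so neighbouring tuples whose
 * host and port offsets sum to the same value share a bucket. */
static uint32_t hash_additive(const struct flow_key *k) {
    return (k->src + k->dst + k->sp + k->dp + k->proto) % NBUCKETS;
}

/* FNV-1a over the same fields: every byte is mixed in by a multiply. */
static uint32_t hash_fnv1a(const struct flow_key *k) {
    uint32_t w[3] = { k->src, k->dst, ((uint32_t)k->sp << 16) | k->dp };
    uint32_t h = 2166136261u;
    for (int i = 0; i < 3; i++)
        for (int b = 0; b < 4; b++) {
            h ^= (w[i] >> (8 * b)) & 0xffu;
            h *= 16777619u;
        }
    h ^= k->proto;
    h *= 16777619u;
    return h % NBUCKETS;
}

/* Longest bucket chain for constructed traffic: 256 clients in one /24,
 * 16 consecutive ephemeral ports each, all talking to one server on TCP/80. */
static unsigned longest_chain(hash_fn fn) {
    static uint16_t count[NBUCKETS];
    unsigned worst = 0;
    memset(count, 0, sizeof count);
    for (uint32_t host = 0; host < 256; host++)
        for (uint16_t port = 0; port < 16; port++) {
            struct flow_key k = { 0x0A000000u + host, 0xC0A80001u,
                                  (uint16_t)(1024 + port), 80, 6 };
            unsigned n = ++count[fn(&k)];
            if (n > worst) worst = n;
        }
    return worst;
}

int main(void) {
    printf("additive: longest chain %u\n", longest_chain(hash_additive));
    printf("fnv1a:    longest chain %u\n", longest_chain(hash_fnv1a));
    return 0;
}
```

With the additive hash the 4096 constructed flows land in only 271 of the 65536 buckets, so the table behaves like a handful of linked lists regardless of how large it is configured.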
