[Oisf-users] Fwd: Packets stucked in Nfqueue when running inline
Fernando Ortiz
fernando.ortiz.f at gmail.com
Thu Jun 23 19:05:36 UTC 2011
In test environment (not real traffic, just stress test and pcaps
replications using tomahaw and tcpreplay) I got better performance in
througput running with 4 queues. This is not the case because the max
throughput in this network is 25 Mbps and running with 1 queue should be
enough. I used 2 queues just for testing. I don't believe Suricata would
process more than 500 Mbps of througput running with 1 queue. I 'd rather
avoid running multiple instances.
2011/6/22 Dave Remien <dave.remien at gmail.com>
> Looking at the nfq code, there's some "interesting" code in the area where
> packets are nfq acked, having to do with inspecting inside tunnels. I'm not
> saying there's a problem, just try to narrow down what to look at.
>
> Are you running Suricata on two nfqs for a specific purpose?
>
> Cheers!
>
> Dave
>
>
--
Fernando Ortiz
Twitter: http://twitter.com/FernandOrtizF
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openinfosecfoundation.org/pipermail/oisf-users/attachments/20110623/28e413c5/attachment-0002.html>
More information about the Oisf-users
mailing list