[Oisf-users] Suricata with PF_RING on latest git

Edward Fjellskål edwardfjellskaal at gmail.com
Wed Jul 4 20:56:03 UTC 2012


..
>> What confuses me is that "-lpthread" is already in the generated compile
>> flags, but somehow the order matters, at least in Ubuntu 12.04.
> 
> That's weird! I will have a look. I'm currently downloading an ubuntu.
> 
> People should really use af-packet instead of pf-ring ;)
..

I'm testing different stuff now, and on an old Intel dual core here,
I was seeing 17% packetloss using af-packet with zero copy on a
60Mbit/s link that I feed with tcpreplay. I tried upping buffers,
but not much difference :(

With pfring and pfring aware network driver:
driver: e1000e
version: 2.0.0.1-NAPI
firmware-version: 0.15-4

I have 0% packetloss on the same amount of traffic....

I followed:
https://home.regit.org/2012/02/using-af_packet-zero-copy-mode-in-suricata/

for the afpacket (but the --runmode=worker is incorrect,
should be --runmode=workers - there are more such typ0s if
you look at --list-runmodes)

From the testing I'm doing now, about 50% of the times I stop
suricata, it won't... One time it spit out some info about
it taking too long to shut down, and after a little while
killed itself!

E


