[Oisf-users] Suricata with PF_RING on latest git

Eric Leblond eric at regit.org
Wed Jul 4 21:37:44 UTC 2012 

Hello,

Le mercredi 04 juillet 2012 à 22:56 +0200, Edward Fjellskål a écrit :
> ..
> >> What confuses me is that "-lpthread" is already in the generated compile
> >> flags, but somehow the order matters, at least in Ubuntu 12.04.
> > 
> > That's weird! I will have a look. I'm currently downloading an ubuntu.
> > 
> > People should really use af-packet instead of pf-ring ;)
> ..
> 
> Im testing different stuff now, and on an old Intel dual core here,
> I was seeing 17% packetloss using af-packet with zero copy on a
> 60Mbit/s link that I feed with tcpreplay. I tried upping buffers,
> but not much difference :(

Strange. What happen if you increase the number of threads and use the
flow load balancing:

af-packet:
  - interface: eth0
    threads: 2
    cluster-id: 99
    cluster-type: cluster_flow
    defrag: yes
    use-mmap: yes


> 
> With pfring and pfring aware network driver:
> driver: e1000e
> version: 2.0.0.1-NAPI
> firmware-version: 0.15-4
> 
> I have 0% packetloss on the same amount of traffic....
> 
> I followed:
> https://home.regit.org/2012/02/using-af_packet-zero-copy-mode-in-suricata/
> 
> for the afpacket ( but the --runmode=worker is incorrect,
> should be --runmode=workers - there are more such typ0s if
> you look at --list-runmodes)

Blog fixed. Thanks for the remark. Regarding the list of runmodes, there
is some stupid typos (my fault I think) but it would break backward
compatibility if we change it now.

BR,

> 
> >From the testing Im doing now, about 50% of the times I stop
> suricata, it wont... One time it spit out some info about
> it taking too long to shut down, and after a little while
> killed itself!
> 
> E
> _______________________________________________
> Oisf-users mailing list
> Oisf-users at openinfosecfoundation.org
> http://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users

-- 
Eric Leblond 
Blog: http://home.regit.org/ - Portfolio: http://regit.500px.com/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: This is a digitally signed message part
URL: <http://lists.openinfosecfoundation.org/pipermail/oisf-users/attachments/20120704/83e0af19/attachment.sig>

More information about the Oisf-users mailing list