[Oisf-users] Suricata with PF_RING on latest git
Victor Julien
victor at inliniac.net
Fri Jul 6 11:40:24 UTC 2012
On 07/06/2012 01:18 PM, Doug Burks wrote:
> I'm currently working on rebuilding my Security Onion distro on Ubuntu
> 12.04 64-bit and am looking at pfring vs afpacket, so this is a very
> interesting discussion. I like the simplicity of Suricata's afpacket
> fanout support, but since we also run Bro, we'd have to do pfring
> anyway. And since we have non-pfring applications (like daemonlogger)
> and have to support as many NICs as possible, we'd be using pfring
> transparent_mode 0. So given all that, should we go with pfring for
> Suricata, or is there some advantage to using afpacket in this
> scenario?
If you're doing PF_RING anyway, it's probably best to use it in Suricata
as well. I think people are reporting the best performance with it,
better than AF_PACKET currently.
Cheers,
Victor
> Thanks,
> Doug
>
> On Fri, Jul 6, 2012 at 4:21 AM, Victor Julien <victor at inliniac.net> wrote:
>> On 07/06/2012 10:17 AM, Anoop Saldanha wrote:
>>>>> And I can verify, if you run pfring, it wont die if you dont send
>>>>>>> packets.
>>>>>
>>>>> Yeah, no packets, no shutdown. Blame pfring :)
>>>>>
>>> Maybe wait for 'x' seconds an if it hasn't shutdown as yet, inject a
>>> packet to trigger shutdown.
>>>
>>
>> That would be injecting on the wire, and then even account for the
>> number of reader threads and the various cluster options. Way too
>> complicated IMO.
>>
>> I think Luca was working on a timeout feature at some point, not sure
>> what the status is.
>>
>> --
>> ---------------------------------------------
>> Victor Julien
>> http://www.inliniac.net/
>> PGP: http://www.inliniac.net/victorjulien.asc
>> ---------------------------------------------
>>
>>
>>
>> _______________________________________________
>> Oisf-users mailing list
>> Oisf-users at openinfosecfoundation.org
>> http://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
>
>
>
--
---------------------------------------------
Victor Julien
http://www.inliniac.net/
PGP: http://www.inliniac.net/victorjulien.asc
---------------------------------------------
More information about the Oisf-users
mailing list