[Oisf-users] Issue with file extraction using 'workers' mode with AF_PACKET
Cooper F. Nelson
cnelson at ucsd.edu
Mon Oct 21 20:01:05 UTC 2013
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
I think I figured this out, you still need to define the
management-cpu-set in 'worker' mode:
> - management-cpu-set:
> cpu: [ "all" ]
> mode: "balanced"
On 10/21/2013 12:24 PM, Cooper F. Nelson wrote:
> There seems to be an issue with threading/load balancing when enabling
> file extraction in worker+AF_PACKET mode when using auto-flow-pinning.
>
> It looks like some aspect of the file extraction process is not being
> threaded properly and consuming resources on the first core, which in
> turn is causing some pretty extreme packet loss for that CPU.
>
> Leaving file extraction/tracking enabled and disabling the file
> extraction rules fixes the issue; so this seems to be related to the
> 'file store' process. Example of observed packet drops listed below:
- --
Cooper Nelson
Network Security Analyst
UCSD ACT Security Team
cnelson at ucsd.edu x41042
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.17 (MingW32)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
iQEcBAEBAgAGBQJSZYgBAAoJEKIFRYQsa8FWSSEH/3FuzHuSgpn3Zr0amothkkrQ
oBJef/wjUAClVheEcpA46SOe9/WmGmuptedwLHIkUHYiR4XQF57qH/O8nTdHWMxq
OrrgTxWwQRHgdH/h8ANFBHwnjLYdxEBF7i3GHCsy/WiiJ+04Z9rtaviyk1wY/yvr
AtCQNXl+xGZabkCJNwuDf084pRdNg7DEk6mwKE+xtagyKtjgLw5CV/rc0cjmPqrl
rpO5aGryih0Tu0Ky0wTkvuhLUt6gTBNwzIiO65fE0kGgqCOdw9cXEzKpkmrMEMYl
m8lsMneW4ZwVPq2DqkJP5By/4A8dPC9pAA2H9w9IYQZz++bPK6QGOGq2kdgg3Lg=
=T4Vr
-----END PGP SIGNATURE-----
More information about the Oisf-users
mailing list