[Oisf-users] Issues with Application Layer Filtering

Jason Batchelor jxbatchelor at gmail.com
Fri Jun 6 21:22:58 UTC 2014


Here is the output of both:

ethtool -k p4p2
Features for p4p2:
rx-checksumming: off
tx-checksumming: off
        tx-checksum-ipv4: off
        tx-checksum-ip-generic: off [fixed]
        tx-checksum-ipv6: off
        tx-checksum-fcoe-crc: on [fixed]
        tx-checksum-sctp: off
scatter-gather: off
        tx-scatter-gather: off
        tx-scatter-gather-fraglist: off [fixed]
tcp-segmentation-offload: off
        tx-tcp-segmentation: off
        tx-tcp-ecn-segmentation: off [fixed]
        tx-tcp6-segmentation: off
udp-fragmentation-offload: off [fixed]
generic-segmentation-offload: off
generic-receive-offload: off
large-receive-offload: off
rx-vlan-offload: off
tx-vlan-offload: off
ntuple-filters: off
receive-hashing: on
highdma: on [fixed]
rx-vlan-filter: on
vlan-challenged: off [fixed]
tx-lockless: off [fixed]
netns-local: off [fixed]
tx-gso-robust: off [fixed]
tx-fcoe-segmentation: on [fixed]
tx-gre-segmentation: off [fixed]
tx-ipip-segmentation: off [fixed]
tx-sit-segmentation: off [fixed]
tx-udp_tnl-segmentation: off [fixed]
tx-mpls-segmentation: off [fixed]
fcoe-mtu: off [fixed]
tx-nocache-copy: off
loopback: off [fixed]
rx-fcs: off [fixed]
rx-all: off
tx-vlan-stag-hw-insert: off [fixed]
rx-vlan-stag-hw-parse: off [fixed]
rx-vlan-stag-filter: off [fixed]
l2-fwd-offload: off

Also, these are the optimizations I have made based off the following
article:

http://dak1n1.com/blog/7-performance-tuning-intel-10gbe

# -- 10gbe tuning from Intel ixgb driver README -- #
# turn off selective ACK and timestamps
net.ipv4.tcp_sack = 0
net.ipv4.tcp_timestamps = 0
# memory allocation min/pressure/max.
# read buffer, write buffer, and buffer space
net.ipv4.tcp_rmem = 10000000 10000000 10000000
net.ipv4.tcp_wmem = 10000000 10000000 10000000
net.ipv4.tcp_mem = 10000000 10000000 10000000
*net.core.rmem_max = 524287*
net.core.wmem_max = 524287
*net.core.rmem_default = 524287*
net.core.wmem_default = 524287
net.core.optmem_max = 524287
*net.core.netdev_max_backlog = 300000*



On Fri, Jun 6, 2014 at 3:20 PM, Cooper F. Nelson <cnelson at ucsd.edu> wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> What is the output of 'ethtool -k' for your capture interface?
>
> What are your sysctl settings for these variables?
>
> net.core.netdev_max_backlog
> net.core.rmem_default
> net.core.rmem_max
>
> On 6/6/2014 1:14 PM, Jason Batchelor wrote:
> >
> > I hit reliably both on the wire and on a pcap. This is why I feel there
> > has to be some issue with application layer processing. I am somewhat
> > perplexed by this and seek any guidance those with more experience may
> > be able to give. Thanks in advance!
> >
>
> - --
> Cooper Nelson
> Network Security Analyst
> UCSD ACT Security Team
> cnelson at ucsd.edu x41042
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v2.0.17 (MingW32)
> Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
>
> iQEcBAEBAgAGBQJTkiJ9AAoJEKIFRYQsa8FWdOgH/1dOj5yLjXsMF0AugkweRL/y
> tuFcJBnl8i9yrQHxG/zgl8SKroIL5Vbl9gBAbwqleJuyOTo9Dw4fE9Uj1p2cOt2w
> Iss0VXgTIURmJvOUQD/KB6Dmih/3XgPeCr+M4aRPXoVdjMpV+MYkH0cJE2ES4hjy
> cH1ecvGqAPwHGsbGOKr/ij9RbG1UdffK8P34SYnZg/w3QARaEa+k8lGQwVEdwbRt
> Lbu8+Izi24yCd8SNAAqqQMuO0lWoRTRjO5j0HAagD4PenlAHG3kGcjz8L+Dva+ng
> T4YiCZRyWwg70lDTkojCYuUOTZ6WTP1pTbJcHunbZtO0W8n3zQuWhDWPsCLpx7E=
> =MDfe
> -----END PGP SIGNATURE-----
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openinfosecfoundation.org/pipermail/oisf-users/attachments/20140606/0b3d93b6/attachment-0002.html>


More information about the Oisf-users mailing list