[Oisf-users] EXTERNAL: Re: [TIL] pcap.buffer-size yaml setting unused with Myricom Sniffer10g
Rasmor, Zachary R
zachary.r.rasmor at lmco.com
Tue May 19 14:15:33 UTC 2015
Hi Victor,
I have updated the Myricom wiki page with the information below, as well as
additional information that we've gathered from our testing.
https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Myricom
Hope it helps.
Zach
________________________
Zach Rasmor
Email: zachary.r.rasmor at lmco.com
Office: 301.240.6116
-----Original Message-----
From: oisf-users-bounces at lists.openinfosecfoundation.org
[mailto:oisf-users-bounces at lists.openinfosecfoundation.org] On Behalf Of
Victor Julien
Sent: Tuesday, May 19, 2015 3:25 AM
To: oisf-users at lists.openinfosecfoundation.org
Subject: EXTERNAL: Re: [Oisf-users] [TIL] pcap.buffer-size yaml setting
unused with Myricom Sniffer10g
Hi Zach,
On 05/15/2015 08:15 PM, Rasmor, Zachary R wrote:
> This will only be relevant to folks using Myricom cards, but I wanted
> to share something I learned today.
>
> As I'm sure you know, Myricom provides a libpcap wrapper around its
> native SNF APIs. I had been unsure for a while how the
> pcap.buffer-size YAML setting was used within SNF. My testing yielded
> no noticeable difference in Suricata when adjusting this value,
> however I wanted to be sure. I tracked this value to a call to
> pcap_set_buffer_size (a libpcap API) within the Suricata source code.
> I then began an exchange with Myricom support regarding how SNF
> handles the pcap_set_buffer_size() API. Here was the response:
>
> "The libpcap interface to Sniffer10G ignores the
> pcap_set_buffer_size() value. The call to snf_open() uses zero as the
> dataring_size which informs the Sniffer library to use a default value
> or the value from the SNF_DATARING_SIZE environment variable."
>
> They also cited a pull request to add support for setting the
> SNF_DATARING_SIZE using the value from pcap_set_buffer_size().
>
> "I've submitted this change to the libpcap maintainers at
> https://github.com/the-tcpdump-group/libpcap/compare/master...myri:master
> as pull request 435."
>
> In summary, the pcap.buffer-size YAML setting is currently ignored
> when using Myricom SNF, however a future release should provide
> support for using the pcap.buffer-size to set the SNF_DATARING_SIZE
> from within the YAML file instead of an environment variable.
>
Could you update this wiki page with this insight?
https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Myricom
Thanks!
--
---------------------------------------------
Victor Julien
http://www.inliniac.net/
PGP: http://www.inliniac.net/victorjulien.asc
---------------------------------------------
_______________________________________________
Suricata IDS Users mailing list: oisf-users at openinfosecfoundation.org
Site: http://suricata-ids.org | Support: http://suricata-ids.org/support/
List: https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
Suricata User Conference November 4 & 5 in Barcelona: http://oisfevents.net
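
For the workaround described in the summary above (setting SNF_DATARING_SIZE through the environment while pcap.buffer-size is ignored), the following is an added example, not part of the original messages and not Suricata or Myricom code: a shell helper that reads the pcap buffer-size from a Suricata YAML file and prints the matching environment assignment. The function names, the sample YAML, and the assumption that the byte count is passed through unchanged are assumptions of this example; check Myricom's documentation for the units SNF_DATARING_SIZE expects.

```shell
#!/bin/sh
# Added example. Sample YAML below is constructed, not from a real sensor.

# Print the first uncommented "buffer-size:" value inside the top-level
# "pcap:" section of the YAML file $1 (prints nothing if there is none).
pcap_buffer_size() {
    awk '
        /^[^ #-]/ { in_pcap = ($1 == "pcap:") }  # new top-level key
        in_pcap && $0 !~ /^[ \t]*#/ {
            for (i = 1; i < NF; i++)
                if ($i == "buffer-size:") { print $(i + 1); exit }
        }
    ' "$1"
}

# Print "SNF_DATARING_SIZE=<n>" for the YAML file $1. Assumption: the byte
# count is handed over unchanged. Returns 1 if it is missing or not a number.
snf_dataring_env() {
    size=$(pcap_buffer_size "$1")
    case "$size" in
        ''|*[!0-9]*) echo "no numeric pcap buffer-size in $1" >&2; return 1 ;;
    esac
    echo "SNF_DATARING_SIZE=$size"
}

# Write a constructed suricata.yaml fragment to $1 for trying the helpers.
write_sample_yaml() {
    cat > "$1" <<'EOF'
%YAML 1.1
---
af-packet:
  - interface: eth0
    buffer-size: 32768
pcap:
  - interface: eth2
    #buffer-size: 4194304
    buffer-size: 16777216   # bytes
pcap-file:
  checksum-checks: auto
EOF
}

# Usage (hypothetical path and interface):
#   env "$(snf_dataring_env /etc/suricata/suricata.yaml)" \
#       suricata -c /etc/suricata/suricata.yaml -i eth2
```

The helper skips the af-packet buffer-size and the commented-out pcap value, so only the setting that Suricata would hand to pcap_set_buffer_size() is carried over to the environment.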