[Oisf-users] Custom logging module and packet order
Victor Julien
lists at inliniac.net
Fri Feb 12 18:30:18 UTC 2016
On 11-02-16 21:32, Paul Apostolescu wrote:
> I'm looking to write a thread module to implement a custom packet logger
> and I have a few questions:
> 1) are the packets received by a certain thread (same ThreadVars)
> belonging to the same flows
Normally yes. But it depends on the capture method. If you set
afpacket's cluster mode to round robin, then no.
> 2) are they received after they've been reordered
No, you get them as they come in. No reordering is done.
> In other words do the flows have a logical thread affinity (they're not
> spread across different logical threads) and are the packets for the
> flows received in order.
>
> Based on reading the docs looks like the answer is yes for both
> regardless of the run mode.
--
---------------------------------------------
Victor Julien
http://www.inliniac.net/
PGP: http://www.inliniac.net/victorjulien.asc
---------------------------------------------
More information about the Oisf-users
mailing list