[Oisf-users] FreeBSD NETMAP guide

Cloherty, Sean E scloherty at mitre.org
Thu Mar 10 12:29:47 UTC 2016


 . . . and I can't be the only one hoping for the same for CentOS...

-----Original Message-----
From: Oisf-users [mailto:oisf-users-bounces at lists.openinfosecfoundation.org] On Behalf Of elof2 at sentor.se
Sent: Thursday, March 10, 2016 06:48 AM
To: oisf-users at lists.openinfosecfoundation.org
Subject: [Oisf-users] FreeBSD NETMAP guide

Hi all, especially FreeBSD users.

In the docs directory there's an old textfile for FreeBSD 8.

I would greatly appreciate if the FreeBSD users merged together an updated textfile with hints, tips and tricks for FreeBSD 10.x/11.x, with the new NETMAP support.



Examples of topics I'd like:

What hardware (NICs) is known to work good?

rc.conf
- give examples and explain that e.g. options "-lro" and "monitor" should be used (for IDS mode)


What tweaks to put in /etc/sysctl.conf (and /boot/loader.conf???).
- net.bpf.zerocopy_enable=1 ?
- net.bpf.maxbufsize= huge numer? How large? 15% of total RAM?
- kern.ipc.maxsockbuf? kern.threads.max_threads_per_proc? dev.ix.0.fc=0? 
- etc


What config/tweaks to put in suricata.yaml
- specifically for NETMAP
- Mapping CPUs to queues
- recommended runmode
- etc



If you people can feed me your thoughts and experiences, I'm happy to 
put together a new textfile (FreeBSD.NETMAP.txt) for the docs dir.




It's time to show the world that linux+PF-RING isn't the only way to go.

/Elof
_______________________________________________
Suricata IDS Users mailing list: oisf-users at openinfosecfoundation.org
Site: http://suricata-ids.org | Support: http://suricata-ids.org/support/
List: https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
Suricata User Conference November 9-11 in Washington, DC: http://oisfevents.net


More information about the Oisf-users mailing list