[Oisf-users] Suricata in Intel's DPDK environment

Denis Pearson dennix.pearson at gmail.com
Sun May 29 10:43:35 UTC 2016


On Saturday, May 28, 2016, Andreas Herz <andi at geekosphere.org> wrote:

> On 16/05/16 at 12:44, Vishal Kotalwar V wrote:
> > Hi,
> >
> > I am planning to run suricata in Intel's DPDK framework. I intend to
> > run as an IPS so probably I need to replace NFQ calls with DPDK
> > library calls for packet receive and verdict out along with some
> > memory management related calls; that is my top level


Well, if you are really serious about that, you probably know compat_netmap
exista, and it's functional. You probably know Suricata runs IPS mode under
netmap framework.

http://dpdk.readthedocs.io/en/v16.04/sample_app_ug/netmap_compatibility.html

So a first move in the direction to actually have it running In DPDK
mode with DPDK performance while reusing existing code would be to leverage
on DPDK compat layer with netmap. You wont regret. I personally adjusted a
couple netmap applications to work like that and it saves lota time to find
out the performance difference and investigate if time should be invested
on DPDK when you already have an application running in an other fast
packet processing framework like pf_ring or netmap.

My 2c








> > I know, this is not in Suricata's current road-map but would like to
> > know if anybody has tried this or similar thing before. Your
> > experience can help me a great way. Any advice or pointers in the
> > direction are also welcome.
>
> I talked to a friend who has already done some DPDK related work.
> It seems to be a lot of work with the API and Intel specific parts.
>
> Since we have some Intel people working on hyperscan, there might
> someone with more DPDK background knowledge and how it would fit into
> Suricata.
>
> >
> > Thanks & regards, Vishal V. Kotalwar
>
> > _______________________________________________
> > Suricata IDS Users mailing list: oisf-users at openinfosecfoundation.org
> <javascript:;>
> > Site: http://suricata-ids.org | Support:
> http://suricata-ids.org/support/
> > List:
> https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
> > Suricata User Conference November 9-11 in Washington, DC:
> http://oisfevents.net
>
>
> --
> Andreas Herz
> _______________________________________________
> Suricata IDS Users mailing list: oisf-users at openinfosecfoundation.org
> <javascript:;>
> Site: http://suricata-ids.org | Support: http://suricata-ids.org/support/
> List: https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
> Suricata User Conference November 9-11 in Washington, DC:
> http://oisfevents.net
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openinfosecfoundation.org/pipermail/oisf-users/attachments/20160529/6fd4ff8c/attachment-0002.html>


More information about the Oisf-users mailing list