[Oisf-users] Suricata in Intel's DPDK environment

Vishal Kotalwar V vishalkv at altencalsoftlabs.com
Tue May 31 10:49:04 UTC 2016


Thanks Andreas & Denis for the info. And yes, you got it right that I want to put Suricata in the fast packet processing path. Will definitely take a look at compat_netmap.

It would be really helpful if you could share your friend's email who has done Suricata+DPDK work.

Thanks & regards, 
Vishal V. Kotalwar 


From: "Denis Pearson" <dennix.pearson at gmail.com> 
To: "Andreas Herz" <andi at geekosphere.org> 
Cc: "oisf-users" <oisf-users at lists.openinfosecfoundation.org> 
Sent: Sunday, May 29, 2016 4:13:35 PM 
Subject: Re: [Oisf-users] Suricata in Intel's DPDK environment 

On Saturday, May 28, 2016, Andreas Herz < andi at geekosphere.org > wrote: 


On 16/05/16 at 12:44, Vishal Kotalwar V wrote: 
> Hi, 
> 
> I am planning to run suricata in Intel's DPDK framework. I intend to 
> run as an IPS so probably I need to replace NFQ calls with DPDK 
> library calls for packet receive and verdict out along with some 
> memory management related calls; that is my top level 


Well, if you are really serious about that, you probably know compat_netmap exists, and it's functional. You probably know Suricata runs IPS mode under the netmap framework.

http://dpdk.readthedocs.io/en/v16.04/sample_app_ug/netmap_compatibility.html 

So a first move in the direction of actually having it running in DPDK mode with DPDK performance while reusing existing code would be to leverage the DPDK compat layer with netmap. You won't regret it. I personally adjusted a couple of netmap applications to work like that, and it saves a lot of time to find out the performance difference and investigate whether time should be invested in DPDK when you already have an application running in another fast packet processing framework like pf_ring or netmap.

My 2c 







> I know, this is not in Suricata's current road-map but would like to 
> know if anybody has tried this or similar thing before. Your 
> experience can help me a great way. Any advice or pointers in the 
> direction are also welcome. 

I talked to a friend who has already done some DPDK related work. 
It seems to be a lot of work with the API and Intel specific parts. 

Since we have some Intel people working on hyperscan, there might be
someone with more DPDK background knowledge and how it would fit into
Suricata.

> 
> Thanks & regards, Vishal V. Kotalwar 

> _______________________________________________ 
> Suricata IDS Users mailing list: oisf-users at openinfosecfoundation.org 
> Site: http://suricata-ids.org | Support: http://suricata-ids.org/support/ 
> List: https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users 
> Suricata User Conference November 9-11 in Washington, DC: http://oisfevents.net 


-- 
Andreas Herz 
