[Oisf-users] af-packet and Linux Kernel version
Eric Leblond
eric at regit.org
Mon Nov 14 23:22:40 UTC 2016
Hello,
On Mon, 2016-11-14 at 17:14 -0600, Leonard wrote:
> Does af-packet function ok with kernel 4.4.0?
On mono thread it is ok and feature full. But if you use load balancing
and if you really have a 4.4.0 and not a 4.4.16+, then cluster_flow has
an asymmetric hash so if you use this load balancing mechanism then
your accuracy will suffer due to asynchronous to_client and to_server
traffic.
For more info, please check https://redmine.openinfosecfoundation.org/p
rojects/suricata/wiki/Packet_Capture
BR,
--
Eric Leblond <eric at regit.org>
More information about the Oisf-users
mailing list