[Oisf-users] af-packet and Linux Kernel version
Eric Leblond
eric at regit.org
Mon Nov 14 23:24:36 UTC 2016
Hi,
On Tue, 2016-11-15 at 00:22 +0100, Eric Leblond wrote:
> Hello,
>
> On Mon, 2016-11-14 at 17:14 -0600, Leonard wrote:
> > Does af-packet function ok with kernel 4.4.0?
>
> On mono thread it is ok and feature full. But if you use load
> balancing
> and if you really have a 4.4.0 and not a 4.4.16+, then cluster_flow
> has
> an asymmetric hash so if you use this load balancing mechanism then
> your accuracy will suffer due to asynchronous to_client and to_server
> traffic.
>
> For more info, please check https://redmine.openinfosecfoundation.org
> /p
> rojects/suricata/wiki/Packet_Capture
I meant
http://suricata.readthedocs.io/en/latest/performance/packet-capture.html
Sorry to have pointed to old doc.
BR,
--
Eric Leblond <eric at regit.org>
More information about the Oisf-users
mailing list