[Oisf-users] af-packet and Linux Kernel version
Leonard
ljacobs at netsecuris.com
Mon Nov 14 23:40:36 UTC 2016
Thanks Eric.
So 4.6 or 4.7 is better?
Sent from my iPhone
> On Nov 14, 2016, at 5:22 PM, Eric Leblond <eric at regit.org> wrote:
>
> Hello,
>
>> On Mon, 2016-11-14 at 17:14 -0600, Leonard wrote:
>> Does af-packet function ok with kernel 4.4.0?
>
> On mono thread it is ok and feature full. But if you use load balancing
> and if you really have a 4.4.0 and not a 4.4.16+, then cluster_flow has
> an asymmetric hash so if you use this load balancing mechanism then
> your accuracy will suffer due to asynchronous to_client and to_server
> traffic.
>
> For more info, please check https://redmine.openinfosecfoundation.org/p
> rojects/suricata/wiki/Packet_Capture
>
> BR,
> --
> Eric Leblond <eric at regit.org>
More information about the Oisf-users
mailing list