[Oisf-users] af-packet and Linux Kernel version
Eric Leblond
eric at regit.org
Tue Nov 15 08:57:23 UTC 2016
Hi,
On Mon, 2016-11-14 at 17:40 -0600, Leonard wrote:
> Thanks Eric.
>
> So 4.6 or 4.7 is better?
After 4.4.16 the problem is fixed on the 4.4 branch. Most distribution
shipping 4.4.x have a fixed version now. So I would not recommend
getting on 4.6 on 4.7 for just af_packet.
BR,
>
> Sent from my iPhone
>
> > On Nov 14, 2016, at 5:22 PM, Eric Leblond <eric at regit.org> wrote:
> >
> > Hello,
> >
> > > On Mon, 2016-11-14 at 17:14 -0600, Leonard wrote:
> > > Does af-packet function ok with kernel 4.4.0?
> >
> > On mono thread it is ok and feature full. But if you use load
> > balancing
> > and if you really have a 4.4.0 and not a 4.4.16+, then cluster_flow
> > has
> > an asymmetric hash so if you use this load balancing mechanism then
> > your accuracy will suffer due to asynchronous to_client and
> > to_server
> > traffic.
> >
> > For more info, please check https://redmine.openinfosecfoundation.o
> > rg/p
> > rojects/suricata/wiki/Packet_Capture
> >
> > BR,
> > --
> > Eric Leblond <eric at regit.org>
>
>
--
Eric Leblond <eric at regit.org>
More information about the Oisf-users
mailing list