[Oisf-users] af_packet and rss queue count
Victor Julien
lists at inliniac.net
Fri Jan 27 12:49:26 UTC 2017
On 27-01-17 05:44, Michał Purzyński wrote:
> Why is it faster with GRO than without it? We are saving lots of
> function calls done per packet and just fetch entire NN kB from the
> DMA-area.
>
> An important point to remember - it is NOT about the bandwidth, it is
> all about the latency. Calling each function takes nn nanoseconds and
> there are only that many nanoseconds you have before next packet
> overwrites your data.
Keep in mind that GRO will break Suricata's dsize keyword, at least
where it's used to match on specific or maximum packet sizes. There are
776 rules using dsize in some form in current ETopen, so you may loose
some real detection.
--
---------------------------------------------
Victor Julien
http://www.inliniac.net/
PGP: http://www.inliniac.net/victorjulien.asc
---------------------------------------------
More information about the Oisf-users
mailing list