[Oisf-users] defrag afpacket
Kerry Milestone
Kerry.Milestone at ed.ac.uk
Mon Apr 30 09:36:48 UTC 2018
Hello,
wondering if someone might be able to clarify this a bit for me.
in the afpacket settings, there is:
"In some fragmentation case, the hash can not be computed. If "defrag"
is set to yes, the kernel will do the needed defragmentation before
sending the packets.
defrag: yes"
and there is also the general defrag settings.
"defrag:
memcap: 32mb
hash-size: 65536
trackers: 65535 # number of defragmented flows to follow
max-frags: 65535 # number of fragments to keep (higher than trackers)
prealloc: yes
timeout: 60"
If the primary reason for afpacket to pass packets directly to the
application, will having the kernel defrag packets hit performance or is
this actually more efficient getting the prepared packets off the wire
for suri? What are the 'some fragmentation case' where this is relevant?
Where one receives an awful lot of rather small fragments of varying
legitimacy and volume bursts, is this something which can be absorbed in
the buffer-size, block-timeout etc settings (IDS only)?
Many thanks,
Kerry
--
The University of Edinburgh is a charitable body, registered in
Scotland, with registration number SC005336.
More information about the Oisf-users
mailing list