<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
<style type="text/css" style="display:none;"> P {margin-top:0;margin-bottom:0;} </style>
</head>
<body dir="ltr">
<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
Hi,</div>
<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
<br>
</div>
<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
Might be other efforts out there, but I'll note that I messed with this a (large number of) years ago on a small Zeek cluster setup.<br>
</div>
<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
<br>
</div>
<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
I didn't find the results of a straightforward (e.g. rewriting a packet driver) implementation to be terribly encouraging: there was an existing implementation that supported ingest from Netmap and PF_RING which did pretty well already, and the vast majority
of Zeek's time was spent in script processing anyway. Thus I found the results to be somewhat ... underwhelming, given the work / likely maintenance effort involved. A port of PacketBricks [1] might've been an interesting alternative approach, but was outside
of the scope of the academic work I was doing at the time.<br>
</div>
<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
<br>
</div>
<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
One thing I did have some success with was using DPDK to implement a very limited version of a sensor in C, and forwarding events from that to the larger Zeek cluster through Broccoli. That had utility in cases where a large percentage of the traffic was a
specific type (and thus would take a well-known path through Zeek script), and the number of events generated was relatively limited in relation to the traffic volume. This is, however, likely only suited for some pretty niche use-cases.<br>
</div>
<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
<br>
</div>
<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
Good luck,</div>
<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
Gilbert Clark<br>
</div>
<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
<br>
</div>
<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
[1] <a href="https://github.com/zeek/packet-bricks" id="LPlnk496280">https://github.com/zeek/packet-bricks</a><br>
</div>
<div id="appendonsend"></div>
<hr style="display:inline-block;width:98%" tabindex="-1">
<div id="divRplyFwdMsg" dir="ltr"><font face="Calibri, sans-serif" style="font-size:11pt" color="#000000"><b>From:</b> zeek-bounces@zeek.org &lt;zeek-bounces@zeek.org&gt; on behalf of Tarun Anand &lt;anandtarun2@gmail.com&gt;<br>
<b>Sent:</b> Monday, September 9, 2019 7:12 AM<br>
<b>To:</b> zeek@zeek.org &lt;zeek@zeek.org&gt;<br>
<b>Subject:</b> [Zeek] Is there any implementation of Zeek/Bro with DPDK</font>
<div> </div>
</div>
<div>
<div dir="ltr">
<div dir="ltr" class="x_gmail_attr">Hello All<br>
</div>
<div dir="ltr">
<div><br>
</div>
<div>I would like to know if there is any prior/ongoing work to implement Zeek on top of DPDK?</div>
<div><br>
</div>
<div>Thank You</div>
<div><br>
</div>
<div>Regards</div>
<div>Tarun Anand</div>
<div></div>
</div>
</div>
</div>
</body>
</html>