[Bro] A few questions
powellsm at musc.edu
Wed Feb 3 11:22:34 PST 2010
Yes, I went with the click setup as provided by Justin and so far so good. I'm not dropping any packets yet.
Justin - thanks again for the config.
From: Robin Sommer [mailto:robin at icir.org]
Sent: Wednesday, February 03, 2010 12:03 PM
To: Powell, Scott
Cc: bro at ICSI.Berkeley.EDU
Subject: Re: [Bro] A few questions
On Tue, Feb 02, 2010 at 13:53 -0500, Powell, Scott wrote:
> Given our current setup, how would I go about these BPF tricks to
> leverage multiple cores on a single machine?
The click setup already mentioned is probably the better solution,
but when using BPF, you would give each worker a different BPF
filter ignoring all but its slice of the traffic. One can express
the hash "(src+dst) mod n" in BPF (let me know if you want the exact
Robin Sommer * Phone +1 (510) 666-2886 * robin at icir.org
ICSI/LBNL * Fax +1 (510) 666-2956 * www.icir.org
More information about the Bro