[Bro-Dev] [JIRA] (BIT-1363) Clustered AF_PACKET support
Michal Purzynski (JIRA)
jira at bro-tracker.atlassian.net
Fri Apr 3 13:16:00 PDT 2015
[ https://bro-tracker.atlassian.net/browse/BIT-1363?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=20237#comment-20237 ]
Michal Purzynski commented on BIT-1363:
---------------------------------------
http://man7.org/linux/man-pages/man7/packet.7.html
PACKET_FANOUT_HASH, sends packets from
the same flow to the same socket to maintain per-flow
ordering. For each packet, it chooses a socket by taking
the packet flow hash modulo the number of sockets in the
group, where a flow hash is a hash over network-layer
address and optional transport-layer port fields.
So each process would need to create a socket and join the same group of sockets with setsockopt() and begin receiving packets.
FANOUT_HASH has even an optional defragmenting support.
> Clustered AF_PACKET support
> ---------------------------
>
> Key: BIT-1363
> URL: https://bro-tracker.atlassian.net/browse/BIT-1363
> Project: Bro Issue Tracker
> Issue Type: New Feature
> Components: Bro
> Affects Versions: git/master
> Reporter: Michal Purzynski
>
> Let's have a support for packet capture with the AF_PACKET sockets in multi worker configuration.
> Bro can use a single worker with af_packet, I have tested and it works, but having a direct support for multi-worker load balancing would allow to avoid the pf_ring for many deployments with the traffic level where DNA / ZC / Myricom / DAG is not required.
--
This message was sent by Atlassian JIRA
(v6.4-OD-16-006#64014)
More information about the bro-dev
mailing list