[Bro-Dev] [JIRA] (BIT-1363) Clustered AF_PACKET support
Seth Hall (JIRA)
jira at bro-tracker.atlassian.net
Tue Sep 8 18:24:00 PDT 2015
[ https://bro-tracker.atlassian.net/browse/BIT-1363?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=22008#comment-22008 ]
Seth Hall commented on BIT-1363:
--------------------------------
Arg! I should have mentioned that I was working with kernel 3.10! Thanks guys. It's nice to have a definitive answer to that. I read all over the place today and couldn't find a coherent answer to that question. Now we're going to have other people randomly searching Google for an answer to this question and getting directed to this ticket. :)
To reply to Michal's comment about TPACKET_V3, it looks like, according to the libpcap changelog, TPACKET_V3 support was added to libpcap 1.5.0 (http://www.tcpdump.org/libpcap-changes.txt), so if you're running a more recent version than that you should already be using that.
> Clustered AF_PACKET support
> ---------------------------
>
> Key: BIT-1363
> URL: https://bro-tracker.atlassian.net/browse/BIT-1363
> Project: Bro Issue Tracker
> Issue Type: New Feature
> Components: Bro
> Affects Versions: git/master
> Reporter: Michal Purzynski
>
> Let's have support for packet capture with AF_PACKET sockets in a multi-worker configuration.
> Bro can use a single worker with af_packet, I have tested and it works, but having direct support for multi-worker load balancing would allow avoiding pf_ring for many deployments with traffic levels where DNA / ZC / Myricom / DAG is not required.