[Bro-Dev] [JIRA] (BIT-1363) Clustered AF_PACKET support
Michal Purzynski (JIRA)
jira at bro-tracker.atlassian.net
Sun Sep 27 12:34:01 PDT 2015
[ https://bro-tracker.atlassian.net/browse/BIT-1363?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=22300#comment-22300 ]
Michal Purzynski commented on BIT-1363:
---------------------------------------
After talking with some people who implemented both libpcap based and raw af_packet functionality recently and testing it myself, I've learned one cannot simply add fanout options to a socket services by libpcap and expect it to work.
If we want fanout we have to use af_packet directly.
Libpcap when opened by multiple processes will deliver the same packets to each of them. Adding fanout changes nothing.
> Clustered AF_PACKET support
> ---------------------------
>
> Key: BIT-1363
> URL: https://bro-tracker.atlassian.net/browse/BIT-1363
> Project: Bro Issue Tracker
> Issue Type: New Feature
> Components: Bro
> Affects Versions: git/master
> Reporter: Michal Purzynski
>
> Let's have a support for packet capture with the AF_PACKET sockets in multi worker configuration.
> Bro can use a single worker with af_packet, I have tested and it works, but having a direct support for multi-worker load balancing would allow to avoid the pf_ring for many deployments with the traffic level where DNA / ZC / Myricom / DAG is not required.
--
This message was sent by Atlassian JIRA
(v7.0.0-OD-06-002#70102)
More information about the bro-dev
mailing list