[Bro] Select Loop
Robin Sommer
robin at icir.org
Wed Apr 2 13:43:17 PDT 2008
On Wed, Apr 02, 2008 at 13:20 -0600, Joel Ebrahimi wrote:
> I have been working on Bro on both an Intell and Bivio platform. On the
> Bivio system there is some strange occurence where if I my capture_filters
> are excluding traffic it will cause the application to periodically stall
> and completley destroy performance.
What OS is the Bivio platform running? We've recently been seeing
stalls with FreeBSD 7 which sound pretty similar to what you
describe. My guess is that the FB7 problems are related to
non-blocking pcap as well because Bro seems to be the only
application which triggers them.
> This build will not to communicate with other nodes so this sounds like a
> perfect solution.
(There's actually a bit more functionality which in principle could
stall, such as async DNS lookups (not a problem) or the new NetFlow
analyzer (which isn't in trunk yet)). But in any case, as long as
you have a steady stream of packets on the wire, pcap will always
have something to pass back to Bro and thus not block anyway.)
Robin
--
Robin Sommer * Phone +1 (510) 666-2886 * robin at icir.org
ICSI/LBNL * Fax +1 (510) 666-2956 * www.icir.org
More information about the Bro
mailing list