[Bro] PF_RING for Bro

Sunjeet Singh sstattla at gmail.com
Mon Dec 13 14:50:11 PST 2010


Alternatively, can I have the source code for multi-threaded Bro? : )

Sunjeet


On 10-12-13 2:44 PM, Sunjeet Singh wrote:
> Hi,
>
> I am looking at increasing the performance of Bro by making use of 
> PF_RING and TNAPI, at the kernel and driver level in Linux. These 
> existing tools from http://www.ntop.org/news.php allow multi-threaded 
> applications to drastically increase performance by making use of 
> functionality that exists in several network cards today.
>
> While PF_RING, TNAPI and other network-card functionality allow for 
> phenomenal speed-up, they have to be tuned right or else they can lead 
> to a negative effect on performance. So I'm trying to determine how to 
> tune them to meet Bro's needs.
>
> As Multi-threaded Bro is not ready yet, I am trying to think of a 
> SIMPLE application that can best characterize the Bro workload. The 
> design criteria that I have for this application so far is-
>
> 1. Send every packet belonging to a particular connection to the same 
> core.
> 2. Introduce a small wait on every packet to simulate Bro's processing 
> of that packet? What will be a good value?
>
> I'd be very interested to have everyone's opinion on this. I really am 
> looking for a very simple algorithm that will be a right approximation.
>
>
> Thank you,
> Sunjeet Singh
>
>




More information about the Bro mailing list