[Bro] PF_RING pfring_open() for Endace DAG

Alex Waher alexwis at gmail.com
Wed Mar 12 16:48:16 PDT 2014


I recall you can duplicate streams with DAG. Something like:

100 all
200 all
color 100 stream 2,4,6,8
color 200 stream 0

..and then have bro use a bpf filter upon the dag0:2,4,6,etc interfaces.
Would take some more digging into the DAG docs to see if you could just
outright apply hash load balancing across those streams as well. Either
way, I'm pretty sure this can all be done directly within the DAG card with
no need for pf_ring (the bro integration with pf_ring does make things
wonderfully easy to set up though!)

-Alex