[Bro] Does BPF filter of worker has the ability of packet retransmition
Vern Paxson
vern at corelight.com
Sun Sep 23 13:55:16 PDT 2018
> "The packets can then be passed directly to a monitoring host where
> each worker has a BPF filter to limit its visibility to only that stream
> of flows, or onward to a commodity switch to split the traffic out to
> multiple 1G interfaces for the workers."
>
> Does this sentence means worker`s BPF filter can retransmit packets to other switch?
The "or onward" part is talking about what the front-end does, rather than
what the workers do. The front end *either* sends all packets to a host
for which each individual worker applies a (disjoint) BPF filter to the
stream to pick out those flows specifically for it; *or* the front end can
send the traffic to a switch that explicitly load-balances the traffic
across multiple 1G interfaces.
Vern
More information about the Bro
mailing list