[Zeek] Using af_packet in a host with two nics
Jan Grashöfer
jan.grashoefer at gmail.com
Tue Jan 29 02:11:39 PST 2019
On 29/01/2019 08:33, Carlos Lopez wrote:
> Thanks Michal. Error is "Invalid argument" ... But what is "af_packet_fanout_id"? is it a random value?
From the man page (http://man7.org/linux/man-pages/man7/packet.7.html):
> To scale processing across threads, packet sockets can form a
> fanout group. In this mode, each matching packet is enqueued
> onto only one socket in the group. A socket joins a fanout
> group by calling setsockopt(2) with level SOL_PACKET and
> option PACKET_FANOUT. Each network namespace can have up to
> 65536 independent groups. A socket selects a group by encod‐
> ing the ID in the first 16 bits of the integer option value.
> The first packet socket to join a group implicitly creates it.
> To successfully join an existing group, subsequent packet
> sockets must have the same protocol, device settings, fanout
> mode and flags (see below). Packet sockets can leave a fanout
> group only by closing the socket. The group is deleted when
> the last socket is closed.
So as Michal suggested, you want to configure different fanout IDs for
the both workers to support different NICs.
Jan
More information about the Zeek
mailing list