[Zeek] Using af_packet in a host with two nics
Carlos Lopez
clopmz at outlook.com
Tue Jan 29 02:58:25 PST 2019
Perfect. manay thanks Jan.
Regards,
C. L. Martinez
________________________________________
From: zeek-bounces at zeek.org <zeek-bounces at zeek.org> on behalf of Jan Grashöfer <jan.grashoefer at gmail.com>
Sent: 29 January 2019 11:11
To: zeek at zeek.org
Subject: Re: [Zeek] Using af_packet in a host with two nics
On 29/01/2019 08:33, Carlos Lopez wrote:
> Thanks Michal. Error is "Invalid argument" ... But what is "af_packet_fanout_id"? is it a random value?
From the man page (http://man7.org/linux/man-pages/man7/packet.7.html):
> To scale processing across threads, packet sockets can form a
> fanout group. In this mode, each matching packet is enqueued
> onto only one socket in the group. A socket joins a fanout
> group by calling setsockopt(2) with level SOL_PACKET and
> option PACKET_FANOUT. Each network namespace can have up to
> 65536 independent groups. A socket selects a group by encod‐
> ing the ID in the first 16 bits of the integer option value.
> The first packet socket to join a group implicitly creates it.
> To successfully join an existing group, subsequent packet
> sockets must have the same protocol, device settings, fanout
> mode and flags (see below). Packet sockets can leave a fanout
> group only by closing the socket. The group is deleted when
> the last socket is closed.
So as Michal suggested, you want to configure different fanout IDs for
the both workers to support different NICs.
Jan
_______________________________________________
Zeek mailing list
zeek at zeek.org
http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/zeek
More information about the Zeek
mailing list