[Zeek] Using af_packet in a host with two nics
Carlos Lopez
clopmz at outlook.com
Tue Jan 29 10:18:03 PST 2019
Uhmm ... I have changed my config to:
[prod-ids]
type=worker
host=172.22.58.2
interface=af_packet::eth2
af_packet_fanout_id=5
#
[dmz-ids]
type=worker
host=172.22.58.2
interface=af_packet::eth3
af_packet_fanout_id=10
But it doesn't work. Error is:
fatal error: problem with interface af_packet::eth2 (Invalid argument)
Regards,
C. L. Martinez
On 29/01/2019, 11:31, "zeek-bounces at zeek.org on behalf of Jan Grashöfer" <zeek-bounces at zeek.org on behalf of jan.grashoefer at gmail.com> wrote:
On 29/01/2019 08:33, Carlos Lopez wrote:
> Thanks Michal. Error is "Invalid argument" ... But what is "af_packet_fanout_id"? is it a random value?
From the man page (http://man7.org/linux/man-pages/man7/packet.7.html):
> To scale processing across threads, packet sockets can form a
> fanout group. In this mode, each matching packet is enqueued
> onto only one socket in the group. A socket joins a fanout
> group by calling setsockopt(2) with level SOL_PACKET and
> option PACKET_FANOUT. Each network namespace can have up to
> 65536 independent groups. A socket selects a group by encod‐
> ing the ID in the first 16 bits of the integer option value.
> The first packet socket to join a group implicitly creates it.
> To successfully join an existing group, subsequent packet
> sockets must have the same protocol, device settings, fanout
> mode and flags (see below). Packet sockets can leave a fanout
> group only by closing the socket. The group is deleted when
> the last socket is closed.
So as Michal suggested, you want to configure different fanout IDs for
the both workers to support different NICs.
Jan
_______________________________________________
Zeek mailing list
zeek at zeek.org
http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/zeek
More information about the Zeek
mailing list