[Zeek] R: Zeek and myricom NICs

Michał Purzyński michalpurzynski1 at gmail.com
Thu Sep 12 00:41:19 PDT 2019


Libpcap also makes (with some capture technologies) two calls per packet - one to get the packet and another to get the time stamp. That kills the performance.

When I was developing the early version of the myricom Zeek plugin, I didn’t really notice much, if any, performance improvement.

Btw you can use upstream libpcap and build it yourself against SNF. But why. Get the plugin. It’s easier.

If there are some missing pieces in the plugin I ought to be able to help. We no longer have myricoms in production but I keep them in stage servers, for the community ;)

> On Sep 12, 2019, at 12:21 AM, Palumbo Mauro <mauro.palumbo at aizoon.it> wrote:
> 
> Is anyone aware of other bugs in libpcap? I think this is valuable information to share with the community...
> 
> Mauro
> 
> -----Original Message-----
> From: Seth Hall [mailto:seth at corelight.com]
> Sent: Wednesday, 11 September 2019 22:37
> To: Justin Azoff <justin at corelight.com>
> Cc: Palumbo Mauro <mauro.palumbo at aizoon.it>; zeek <zeek at zeek.org>
> Subject: Re: [Zeek] Zeek and myricom NICs
> 
> 
> 
>> On 11 Sep 2019, at 10:03, Justin Azoff wrote:
>> 
>> A few years ago I found a bug in the snfv3 shipped libpcap where 
>> pcap_next would return the previous packet when no packets were 
>> available instead of returning NULL.  As far as I know it's still not 
>> fixed.
> 
> Hah!  I feel like I've seen little problems in every libpcap wrapper I've ever worked with.  Never the same problem. :)
> 
>   .Seth
> 
> --
> Seth Hall * Corelight, Inc * www.corelight.com
> 
> _______________________________________________
> Zeek mailing list
> zeek at zeek.org
> http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/zeek


