Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Intel X520 and Multi-Queue Snort

From: Mike Lococo <mikelococo () gmail com>
Date: Thu, 12 May 2011 18:22:17 -0400
Will,


Read up on TNAPI.  It is explicitly designed to do what you want I
think, as long as your card uses a TNAPI driver.  I realize this isn't
a "native" solution, but, I don't know of any, so....

http://www.ntop.org/TNAPI.html


Thanks for your response.  I've actually read that document several
times in the past, but I don't think I was prepared to fully understand
its implications until just now:

1) There are no in-kernel native linux-drivers that expose
multiple-queues to userspace.
2) For the hardware it supports (which includes X520's based on the
82599 chipset), PFRING + TNAPI is the solution to that problem.

My mind has been warped by years of primarily snorting on Endace
hardware where the standard network stack is bypassed by proprietary
drivers which are the only way to drive the hardware at all.  Those
drivers do natively expose the multiple queues in the hardware, which
colored my expectation coming into this discussion.

I'll start testing PFRING.  Thanks for the feedback.

Cheers,
Mike Lococo

------------------------------------------------------------------------------
Achieve unprecedented app performance and reliability
What every C/C++ and Fortran developer should know.
Learn how Intel has extended the reach of its next-generation tools
to help boost performance applications - inlcuding clusters.
http://p.sf.net/sfu/intel-dev2devmay
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: