Snort mailing list archives
Re: Snort 2.9, RHEL 5 and afpacket DAQ
From: Michael Altizer <maltizer () sourcefire com>
Date: Wed, 20 Oct 2010 15:11:15 -0400
I'll be removing this maximum value restriction on the next version. It was there to keep people from shooting themselves in the foot on 32-bit machines with limited low memory, but it's probably not worth the headache it is causing.
On 10/20/2010 03:03 PM, beenph wrote:
In daq_afpacket.c there is a #define which people who would like to set bigger buffer might want to take a look.#define AF_PACKET_MAX_BUFFER_SIZE 128 <SNIP> for (entry = config->values; entry; entry = entry->next) { * if (!strcmp(entry->key, "buffer_size_mb")) size_str = entry->value; * else if (!strcmp(entry->key, "debug")) debug = 1; } /* Fall back to the environment variable. */ if (!size_str) size_str = getenv("AF_PACKET_BUFFER_SIZE"); if (size_str && strcmp("max", size_str) != 0) { size = strtoul(size_str, NULL, 10); if (size > AF_PACKET_MAX_BUFFER_SIZE) * size = AF_PACKET_MAX_BUFFER_SIZE; * } * ** else size = AF_PACKET_MAX_BUFFER_SIZE; * /* The size is specified in megabytes. */ size = size * 1024 * 1024; </SNIP>On Wed, Oct 20, 2010 at 2:19 PM, Mike Lococo <mikelococo () gmail com <mailto:mikelococo () gmail com>> wrote:On 10/20/2010 01:35 PM, Eoin Miller wrote: > afpacket is nearly identical to mmap'd libpcap. Just give afpacket a > bigger buffer and the performace should be extremely comprable, and you > don't have to use super old libpcap anymore. I think what Ralf is asserting, and Rich and confirming, is that buffer sizes larger than ~50MB are failing with afpacket (but not with the Woods patches)... so it is not (yet) possible to use a comparable buffer size for some unknown reason. Cheers, Mike Lococo ------------------------------------------------------------------------------ Nokia and AT&T present the 2010 Calling All Innovators-North America contest Create new apps & games for the Nokia N8 for consumers in U.S. and Canada $10 million total in prizes - $4M cash, 500 devices, nearly $6M in marketing Develop with Nokia Qt SDK, Web Runtime, or Java and Publish to Ovi Store http://p.sf.net/sfu/nokia-dev2dev _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net <mailto:Snort-users () lists sourceforge net> Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users ------------------------------------------------------------------------------ Nokia and AT&T present the 2010 Calling All Innovators-North America contest Create new apps& games for the Nokia N8 for consumers in U.S. and Canada $10 million total in prizes - $4M cash, 500 devices, nearly $6M in marketing Develop with Nokia Qt SDK, Web Runtime, or Java and Publish to Ovi Store http://p.sf.net/sfu/nokia-dev2dev _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
------------------------------------------------------------------------------ Nokia and AT&T present the 2010 Calling All Innovators-North America contest Create new apps & games for the Nokia N8 for consumers in U.S. and Canada $10 million total in prizes - $4M cash, 500 devices, nearly $6M in marketing Develop with Nokia Qt SDK, Web Runtime, or Java and Publish to Ovi Store http://p.sf.net/sfu/nokia-dev2dev
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Re: Snort 2.9, RHEL 5 and afpacket DAQ, (continued)
- Re: Snort 2.9, RHEL 5 and afpacket DAQ Russ Combs (Oct 18)
- Re: Snort 2.9, RHEL 5 and afpacket DAQ Ralf Spenneberg (Oct 18)
- Re: Snort 2.9, RHEL 5 and afpacket DAQ Michael Altizer (Oct 18)
- Re: Snort 2.9, RHEL 5 and afpacket DAQ Ralf Spenneberg (Oct 19)
- Re: Snort 2.9, RHEL 5 and afpacket DAQ Ralf Spenneberg (Oct 20)
- Re: Snort 2.9, RHEL 5 and afpacket DAQ Michael Altizer (Oct 20)
- Re: Snort 2.9, RHEL 5 and afpacket DAQ Russ Combs (Oct 18)
- Re: Snort 2.9, RHEL 5 and afpacket DAQ Eoin Miller (Oct 20)
- Re: Snort 2.9, RHEL 5 and afpacket DAQ Mike Lococo (Oct 20)
- Re: Snort 2.9, RHEL 5 and afpacket DAQ beenph (Oct 20)
- Re: Snort 2.9, RHEL 5 and afpacket DAQ Michael Altizer (Oct 20)
- Re: Snort 2.9, RHEL 5 and afpacket DAQ Rich Graves (Oct 20)
- Re: Snort 2.9, RHEL 5 and afpacket DAQ Michael Altizer (Oct 20)
- Re: Snort 2.9, RHEL 5 and afpacket DAQ [~Solved?] Michael Altizer (Oct 20)
- Re: Snort 2.9, RHEL 5 and afpacket DAQ [~Solved?] Michael Altizer (Oct 20)
- Re: Snort 2.9, RHEL 5 and afpacket DAQ [~Solved?] Russ Combs (Oct 20)
- Re: Snort 2.9, RHEL 5 and afpacket DAQ [~Solved?] Rich Graves (Oct 21)
- Re: Snort 2.9, RHEL 5 and afpacket DAQ [~Solved?] Michael Altizer (Oct 22)