Snort mailing list archives
A multithreaded DPDK DAQ Module for Snort 3.0
From: Nacht Z <NachtZ () outlook com>
Date: Tue, 13 Sep 2016 14:18:22 +0000
Hello Everyone:

I have implemented a multithreaded DPDK DAQ module for daq 2.10 and snort 3.0. Here is the project link on GitHub: DPDK_DAQ <https://github.com/NachtZ/daq_dpdk>. The link is a complete daq-2.1.0 project and a guide about how to install and use the mode in snort 3.0.

This module supports multithreading and has changed the relationship between snort 3.0’s pigs (in fact, that’s another name for threads in snort 3.0) and NICs. A pig can only have one NIC in the dpdk module. So if you want to run multiple NICs, you should use the -z option in snort3. If not, you can in fact only use one NIC.

I have also tested the performance using Spirent Test Center. I linked snort and Test Center like this:

    Spirent Port0 <--------------> Snort Port2
          ↑                             ↑
          |                             |
          |                             |
          ↓                             ↓
    Spirent Port1 <--------------> Snort Port3

I send packets from port0 to port2 and from port1 to port3. Snort (running in inline mode and with bps mode ‘not ip’) forwards the flows along the links port2 -> port3 -> port1 and port3 -> port2 -> port0 at the same time. On my 82599ES, I can run at nearly full speed (99%) in 10G LAN mode without losing packets. (But when I run 100 speed it will lose 4445/500000000 packets.)

This project is based on the daq_netmap.c module and Tiwei Bie’s project <https://sourceforge.net/p/snort/mailman/message/35162409/>.

Any comments would be appreciated. Thanks a lot!

Best wishes
NachtZ