Snort mailing list archives

Re: Kernel space Snort. Proof of concept test succeeded.


From: "Alex Butcher, ISC/ISYS" <Alex.Butcher () bristol ac uk>
Date: Wed, 15 Sep 2004 09:23:56 +0100



--On 15 September 2004 10:20 +0200 Willem de Bruijn <wdebruij () dds nl> wrote:

> Hi Alex,
>
>> Was the user-mode Snort using Phil Wood's libpcap
>> <http://public.lanl.gov/cpw/> or an older version without MMAP mode
>> support?
>
> we compared against regular (0.8.3) pcap, so Phil Wood's version should
> be considerably faster.

Cool, thanks for the clarification.

> However, speed-ups can still be obtained by running in the kernel due to
> fewer context switches and no need for copying a packet into the memory
> mapped area.

Agreed. Do you have any plans to benchmark against Phil Wood's version in the future?

> Willem

Cheers,
Alex.
--
Alex Butcher: Security & Integrity, Personal Computer Systems Group
Information Systems and Computing             GPG Key ID: F9B27DC9
GPG Fingerprint: D62A DD83 A0B8 D174 49C4 2849 832D 6C72 F9B2 7DC9



