Re: Snort 3 Architecture

[Simon Dzn via Snort-devel <snort-devel () lists snort org>]

Thanks for the replay!
Can I have a better description for the "Service" component?

On 23 July 2017 at 20:40, Russ <rucombs () cisco com> wrote:

> Hey Simon,
>
> Snort 3 currently has one thread per packet source, whether that be a
> network interface or pcap.  You can configure that with -z or
> --max-packet-threads.  All processing of a given packet is within the
> thread associated with its source.  You can set CPU affinity for packet
> threads via the process module.  The architecture will evolve over time to
> support hardware offload and elephant flows (too big for a single core).
>
> Please keep us posted on your results or if you have any questions about
> tuning for comparison with Snort 2.
>
> Thanks
> Russ
>
>
> On 7/23/17 4:03 AM, Simon Dzn via Snort-devel wrote:
>
> Hey all,
>
> I am writing an article regarding to Snort 3 performance and I'm having
> trouble finding a reliable resource on the current architecture.
> I saw in the Snort 3 documentation the difference in the packet processing
> but couldn't find out if you are creating a thread for each packet or
> several threads for detection.
>
> Thanks and have a great day!
>
>
> _______________________________________________
> Snort-devel mailing listSnort-devel@lists.snort.orghttps://lists.snort.org/mailman/listinfo/snort-devel
>
> Please visit http://blog.snort.org for the latest news about Snort!
_______________________________________________
Snort-devel mailing list
Snort-devel () lists snort org
https://lists.snort.org/mailman/listinfo/snort-devel

Please visit http://blog.snort.org for the latest news about Snort!