Hi Joe On Sep 22, 2012, at 7:35 PM, Joe Patterson <[email protected]> wrote:
> When you say "custom", how custom is it? Is it a matter of taking the > existing examples and making small tweaks, or a major coding project? The first one. > > As an alternative, if you're using DNA to access packet data, are > those packets rendered unavailable through other non-DNA means? So if > you have one application using DNA with symmetric RSS, could you have > another application that's just using standard pf_ring and seeing the > same packets (albeit not as efficiently)? Yes, if you are willing to sacrifice performance it is possible to use a "userspace ring" as "reflector device" (we introduced the pfring_set_reflector_device() call for this). This is a dirty solution with respect to the libzero-based equivalent one and also requires a small patch to the daq module. Regards Alfredo > > Thanks, > > -Joe > > On Sat, Sep 22, 2012 at 1:13 PM, Alfredo Cardigliano > <[email protected]> wrote: >> Bob >> please see inline >> >> On Sep 21, 2012, at 8:43 PM, Bob Bomar <[email protected]> wrote: >> >> I’m doing some testing currently with PF_RING + DNA. And I had 2 questions >> that I wanted to ask: >> >> 1) If we’re running the driver with 8 RSS queues, is it splitting the >> traffic across those 8 queues, or only the ones that we’re listening to? >> I.e, if we’ve got 8 queues and we’ve got snort running on 2 of them, are we >> ignoring 75% of the traffic? >> >> >> Yes, as RSS distributes packets to queues according to the hash, you are >> ignoring 75% of the traffic. >> >> 2) Can we, and if so how, get more than one application receiving the >> same traffic? So if we have snort listening on dna0@[0-7], can we also fire >> up nprobe for dna0@[0-7] and have it see the same data? >> >> >> This is available with standard pf_ring or with libzero for DNA (not with >> standard DNA). In the second case you need a custom "pfdnacluster_master" >> application for distributing/cloning traffic in zero-copy to nProbe and >> snort, and a custom DAQ-DNA compatible with libzero. >> >> Best Regards >> Alfredo >> >> >> >> -- >> Bob Bomar >> Secure Information Services >> terremark worldwide >> Confidentiality Notice: This e-mail message, including any attachments, is >> for the sole use of the intended recipient(s) and may contain confidential >> and privileged information. Any unauthorized review, use, disclosure or >> distribution is prohibited. If you are not the intended recipient and >> received this in error, please contact the sender by reply e-mail and you >> are hereby notified that the copying, use or distribution of any information >> or materials transmitted in or with this message is strictly prohibited. >> >> >> _______________________________________________ >> Ntop-misc mailing list >> [email protected] >> http://listgateway.unipi.it/mailman/listinfo/ntop-misc >> >> >> >> _______________________________________________ >> Ntop-misc mailing list >> [email protected] >> http://listgateway.unipi.it/mailman/listinfo/ntop-misc >> > _______________________________________________ > Ntop-misc mailing list > [email protected] > http://listgateway.unipi.it/mailman/listinfo/ntop-misc _______________________________________________ Ntop-misc mailing list [email protected] http://listgateway.unipi.it/mailman/listinfo/ntop-misc
