[Ntop-misc] Pfring - Snort Inline Latency

[Berk Gulenler]

Hi,

Does anyone having latency problem with Snort inline but not with 
pfbridge? Is there a compatibility problem with Snort? What is the 
difference between Metaflows's pfring 
(http://www.metaflows.com/solutions2/pf-ring/) and the Ntop's pfring? 
I'm not having latency problem with Metaflows.

os:

Centos 6.5

kernel:

2.6.32-431.1.2.0.1.el6.x86_64

software:

Snort 2.9.5.6
DAQ 2.0.1
Pfring 5.6.1

command:

snort -c /opt/snort/etc/snort.conf --daq-dir /opt/snort/lib/daq --daq 
pfring --daq-mode inline -i eth0:eth1 --daq-var fast-tx=1 --daq-var 
clusterid=10,11 --daq-var bindcpu=1 -Q


snort:

ldd /opt/snort/bin/snort
        linux-vdso.so.1 =>  (0x00007fff2bd91000)
        libdnet.1 => /opt/snort/lib/libdnet.1 (0x00007f100433c000)
        libpcre.so.0 => /lib64/libpcre.so.0 (0x00000035d6000000)
        libnsl.so.1 => /lib64/libnsl.so.1 (0x00000035d4000000)
        libm.so.6 => /lib64/libm.so.6 (0x00000035d2400000)
        libpfring.so => /opt/snort/lib/libpfring.so (0x00007f100410b000)
        libdl.so.2 => /lib64/libdl.so.2 (0x00000035d1000000)
        libsfbpf.so.0 => /opt/snort/lib/libsfbpf.so.0 (0x00007f1003ee6000)
        libpcap.so.1 => /opt/snort/lib/libpcap.so.1 (0x00007f1003caa000)
        libz.so.1 => /lib64/libz.so.1 (0x00000035d2000000)
        libpthread.so.0 => /lib64/libpthread.so.0 (0x00000035d1800000)
        libc.so.6 => /lib64/libc.so.6 (0x00000035d1400000)
        libnl.so.1 => /lib64/libnl.so.1 (0x00000035d7400000)
        /lib64/ld-linux-x86-64.so.2 (0x00000035d0c00000)


libpcap:

ldd /opt/snort/lib/libpcap.so
        linux-vdso.so.1 =>  (0x00007fffc3949000)
        libnl.so.1 => /lib64/libnl.so.1 (0x00007f42352e1000)
        libpfring.so => /opt/snort/lib/libpfring.so (0x00007f42350bb000)
        libpthread.so.0 => /lib64/libpthread.so.0 (0x00007f4234e9e000)
        libc.so.6 => /lib64/libc.so.6 (0x00007f4234b0a000)
        libm.so.6 => /lib64/libm.so.6 (0x00007f4234885000)
        /lib64/ld-linux-x86-64.so.2 (0x00000035d0c00000)


pfring:

ldd /opt/snort/lib/libpcap.so
        linux-vdso.so.1 =>  (0x00007fffc3949000)
        libnl.so.1 => /lib64/libnl.so.1 (0x00007f42352e1000)
        libpfring.so => /opt/snort/lib/libpfring.so (0x00007f42350bb000)
        libpthread.so.0 => /lib64/libpthread.so.0 (0x00007f4234e9e000)
        libc.so.6 => /lib64/libc.so.6 (0x00007f4234b0a000)
        libm.so.6 => /lib64/libm.so.6 (0x00007f4234885000)
        /lib64/ld-linux-x86-64.so.2 (0x00000035d0c00000)

pfring kernel module:

filename: 
/lib/modules/2.6.32-431.1.2.0.1.el6.x86_64/kernel/net/pf_ring/pf_ring.ko
alias:          net-pf-27
description:    Packet capture acceleration and analysis
author:         Luca Deri <d...@ntop.org>
license:        GPL
srcversion:     F1F507CF7C4640D90B26447
depends:
vermagic:       2.6.32-431.1.2.0.1.el6.x86_64 SMP mod_unload modversions

Thanks in advance.
_______________________________________________
Ntop-misc mailing list
Ntop-misc@listgateway.unipi.it
http://listgateway.unipi.it/mailman/listinfo/ntop-misc