mirror of https://github.com/OISF/suricata
cybersecurityidsintrusion-detection-systemintrusion-prevention-systemipsnetwork-monitornetwork-monitoringnsmsecuritysuricatathreat-hunting
You cannot select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
919377d4a5
This patch is updating af-packet to discard packets that have been sent to a socket before all socket in a fanout group have been setup. Without this, there is no way to assure that all packets for a single flow will be treated by the same thread. Tests have been done on a system with an ixgbe network card. When using 'cluster_flow' load balancing and disactivating receive hash on the iface: ethtool -K IFACE rxhash off then suricata is behaving as expected and all packets for a single flow are treated by the same thread. For some unknown reason, this is not the case when using cluster_cpu. It seems that in that case the load balancing is not perfect on the card side. The rxhash offloading has a direct impact on the cluster_flow load balancing because load balancing is done by using a generic hash key attached to each skb. This hash can be computed by the network card or can be computed by the kernel. In the xase of a ixgbe network card, it seems there is some issue with the hash key for TCP. This explains why it is necessary to remove the rxhash offloading to have a correct behavior. This could also explain why cluster_cpu is currently failing because the card is using the same hash key computation to do the RSS queues load balancing. |
12 years ago | |
|---|---|---|
| benches | ||
| contrib | 12 years ago | |
| doc | 13 years ago | |
| m4 | ||
| qa | 12 years ago | |
| rules | 12 years ago | |
| scripts | 13 years ago | |
| src | 12 years ago | |
| .gitignore | 13 years ago | |
| COPYING | ||
| ChangeLog | 12 years ago | |
| LICENSE | ||
| Makefile.am | 12 years ago | |
| Makefile.cvs | ||
| acsite.m4 | ||
| autogen.sh | 13 years ago | |
| classification.config | ||
| config.rpath | 13 years ago | |
| configure.ac | 12 years ago | |
| doxygen.cfg | 12 years ago | |
| reference.config | ||
| suricata.yaml.in | 12 years ago | |
| threshold.config | ||