Please give us more information about your changes on snort and PF_RING in inline mode


nima chavooshi

Sep 11, 2011, 1:06:13 PM
to meta...@googlegroups.com
Hi
I have been keeping track of your activity on this group. According to
what you said and your announcement, you implemented PF_RING in inline mode.
Could you give more information about this project?

- How much bandwidth can snort handle in this mode? In fact, the maximum bandwidth.
- Do you intend to publish your effort (probably patches) on the net and
in the community?

Thanks for more information

livio

Sep 12, 2011, 7:26:05 PM
to Metaflows
It looks like it can do 700-800 Mbit with 16k snort signatures (the ET
pro) and 200 ms delay on an i7 3 GHz machine.
You run 6-8 snort processes in parallel; each one uses one of the
cores.

We will send the code to Luca Deri for his review (it is his project)
and we will also post it for the community.

Be patient a few more days..