【工作备忘】suricata
2013-09-12 13:22
246 查看
因为工作遇到的困难,我向suricata的某个作者发送了邮件。
On Wed, Sep 11, 2013 at 8:22 AM, likeyi <929812468@qq.com> wrote:
Dear Tom DeCanio:
Very glad to see you, I am now reading the source code that writed by you.
I am a user for this source code, and now I have met some problems.
One is that I found when I configure the suricata as IDS mode, It's run
fast, But when I configure the suricata as IPS mode,it is very slowly.
And I found that it is "MpipeFreePacket" function cause that, and I want to know why.
Thank you very much.
很幸运的,Tom Decanio回复了邮件。
Nice to meet you as well.
Its been quite a while since I played with this code. I seem to remember that my benchmark comparisons between IDS and IPS mode seemed to indicate that there was about a 10-15% penalty for running in IPS mode, which I didn't think was too bad. I don't know if you are seeing something similar.
When running IDS mode freeing a packet results in a simple write to a hardware register to free the packet back to a stack. Actually transmitting that requires queueing the packet for transmission out the egress port. I've not looked recently, but I believe the gxio_mpipe_equeue_put implementation actually requires synchronization between all of the suricata worker threads doing output so there might be lock contention within the routine. Again this is from memory as I haven't looked at this in a while.
I believe that Tilera has modified this part of the code somewhat, and removed quite a bit of functionality in the process. I haven't benchmarked the suricata code being delivered by Tilera.
Good luck with Suricata on Tilera.
Regards;
Tom
然后我又做了如下回复。
Thank you very much, to be honest, seeing 0:03 reply to my mail, I am very grateful.
Then I realized that China is at midnight,and the United States just at noon, right? You are in the U.S.?
Your e-mail I received very excited, it reminds me of the feeling of pen pals, especially when chatting with foreigners.
I hope you know that when I was in China will not be too surprised that China is developing rapidly, welcome to travel to China.
On Wed, Sep 11, 2013 at 8:22 AM, likeyi <929812468@qq.com> wrote:
Dear Tom DeCanio:
Very glad to see you, I am now reading the source code that writed by you.
I am a user for this source code, and now I have met some problems.
One is that I found when I configure the suricata as IDS mode, It's run
fast, But when I configure the suricata as IPS mode,it is very slowly.
And I found that it is "MpipeFreePacket" function cause that, and I want to know why.
Thank you very much.
很幸运的,Tom Decanio回复了邮件。
Nice to meet you as well.
Its been quite a while since I played with this code. I seem to remember that my benchmark comparisons between IDS and IPS mode seemed to indicate that there was about a 10-15% penalty for running in IPS mode, which I didn't think was too bad. I don't know if you are seeing something similar.
When running IDS mode freeing a packet results in a simple write to a hardware register to free the packet back to a stack. Actually transmitting that requires queueing the packet for transmission out the egress port. I've not looked recently, but I believe the gxio_mpipe_equeue_put implementation actually requires synchronization between all of the suricata worker threads doing output so there might be lock contention within the routine. Again this is from memory as I haven't looked at this in a while.
I believe that Tilera has modified this part of the code somewhat, and removed quite a bit of functionality in the process. I haven't benchmarked the suricata code being delivered by Tilera.
Good luck with Suricata on Tilera.
Regards;
Tom
然后我又做了如下回复。
Thank you very much, to be honest, seeing 0:03 reply to my mail, I am very grateful.
Then I realized that China is at midnight,and the United States just at noon, right? You are in the U.S.?
Your e-mail I received very excited, it reminds me of the feeling of pen pals, especially when chatting with foreigners.
I hope you know that when I was in China will not be too surprised that China is developing rapidly, welcome to travel to China.
内容来自用户分享和网络整理,不保证内容的准确性,如有侵权内容,可联系管理员处理 
相关文章推荐
- 工作备忘-Xcode添加静态库以及编译选项配置常见问题
- 工作心得(6)——备忘 [原]
- arp 工作相关 备忘
- 近期工作 备忘
- 工作备忘--设置任意控件任意位置的圆角
- 工作备忘-制作Framework所用shell脚本代码
- 工欲善其事,必先利其器-----近期工作汇总备忘
- 工作备忘-在xib/storyboard里面设置view圆角半径
- 工作备忘
- 工作遇到的问题备忘
- Mysql 工作时用到的奇葩语句备忘
- with read only ---工作备忘2016/02/15
- 工作备忘-设置Log日志打印开关
- 自己的工作计划-备忘
- 工作时常用的工具(备忘)
- 工作备忘:cacti&nagios登录密码修改方法
- 时间to_date,层级查询 --工作备忘2016/1/8
- 工作阶段 --工作备忘2016/02/18
- 窗口函数--配合over(...)的选项 rows/range between ... preceding and ... following--工作备忘2016/9/30
- 工作备忘-ios应用安全防护oc源代码混淆,防止class-dump攻击