Author: Alfredo Cardigliano

PF_RING

Accelerating Suricata with PF_RING DNA

Below you can find an excerpt of the “Suricata (and the grand slam of) Open Source IDPS” article written by our friend Peter Manev (Suricata core team) describing how to install and configure PF_RING, DNA and Suricata. The original blog entries can be found at Part One – PF_RING and Part Two – DNA.
Part One – PF_RING
If you have pf_ring already installed, you might want to do: sudo rmmod pf_ring
If you are not sure if you have pf_ring installed, you can do: sudo modinfo pf_ring …
PF_RING

PF_RING 5.6.0 Released

This is to announce the release of PF_RING 5.6.0. We recommend that all users install this release, as we have fixed a couple of critical bugs.
Changelog:
PF_RING Kernel module
– Fixed bug that prevented the PF_RING cluster to work properly with specific traffic
Documentation
– User’s guide translated to Russian (courtesy of ridervka@yandex.ru)
Libzero
– Fixed bug that caused the DNA bouncer to process the correct packet
Examples
– pfwrite: Added support for the microcloud so that for GTP traffic it is possible to dump traffic of specific IMSI phone
– Added support for …
PF_RING

PF_RING 5.5.3 Released

Today we have released a new maintenance version of PF_RING. We suggest that all users update if possible.
PF_RING Kernel module
– Support for injecting packets to the stack
– Added ability to balance tunneled/fragmented packets with the cluster
– Improved init.d script
– Packet len fix with GSO enabled, caplen fix with multiple clusters
– Bug fixes for race condition with rss rehash, memory corruption, transparent mode and tx capture, kernels >= 3.7.
Drivers
– Added PF_RING-aware driver for Chelsio cards (cxgb3-2.0.0.1)
– New release for PF_RING-aware igb (igb-4.1.2) …
n2disk

Filtering n2disk-captured Packets and Replaying them at 10 Gbit using the nBox

The nBox is not just a no-cost web GUI for ntop products, but it’s a totally new experience for dealing with pcap files. n2disk is able to index packets while capturing and then filter captured packets. Once you have filtered your favourite packets (based on a BPF filter and a time span) you can then download them to your PC or reproduce them at line rate (or at any speed you like). Even BPF filters are simplified with the nBox thanks to the ability to drag and drop filtering expressions …
Announce

Introducing nBox 2.0 (aka how to use/configure ntop apps using a web GUI)

Years ago we decided to create the nBox appliance as a turn-key solution for those that were not fans of the command line. Then we decided to rewrite the nBox GUI to make it simpler, more modern, and usable by all ntop users, to configure ntop, nProbe, n2disk, PF_RING and DNA. In essence we have created a new web interface that can simplify your configurations, assist with complex things such as core affinity or DNA configuration, and let you focus on ntop applications rather than on their configuration. You can download …
PF_RING

PF_RING 5.5.2 Released

Changelog
– Fix for corrupted VLAN tagged packets
– Userspace bpf support (when using dna)
– PF_RING-aware igb default moved to 4.0.17
– Flow Control rx/tx automatically disabled by the driver
– Added DAQ drivers into RPM (http://packages.ntop.org)
– New pfring_open() flag PF_RING_DNA_FIXED_RSS_Q_0 to send all traffic to queue 0 and select other queues with hw filters (DNA cards with hw filtering only)
– Added check for modern libc versions
– New pfdnacluster_mt_rss_frwd sample app (packet forwarding using libzero dna cluster for rx/balancing and standard dna with zero-copy on rss queues for tx)
– Added ability to create a …
PF_RING

PF_RING 5.5.1 Released

ChangeLog Updated PF_RING-aware ixgbe driver (3.11.33). Update PF_RING-aware igb (4.0.17). Fixed bug that was causing ixgbe driver not to disable interrupts. This was causing a high load on the core handling the interrupts for ixgbe-based card. libzero: various hugepages improvements and bug fixes. Added ability to specify PF_RING_RX_PACKET_BOUNCE in pfring_open(). Fixed minor PF_RING memory leak. Various improvements to support of hardware timestamp on Silicom Intel-based 10 Gbit adapters. DNA Bouncer: added direction to pfring_dna_bouncer_decision_func callback (useful in bidirectional mode). DNA Cluster: added dna_cluster_set_hugepages_mountpoint() to manually select the hugepages mount point when several …
PF_RING

PF_RING 5.5.0 Released

New libzero features
– DNA Cluster: number of per-consumer rx/tx queue slots and number of additional buffers can be configured via dna_cluster_low_level_settings()
– hugepages support (pfdnacluster_master/pfdnacluster_multithread -u option)
New PF_RING-aware libpcap features
– added PF_RING_ACTIVE_POLL environmental variable to enable active polling when defined to 1
– enable rehash rss setting env var PF_RING_RSS_REHASH=1
– cluster type selectable via env vars: PCAP_PF_RING_USE_CLUSTER_PER_FLOW, PCAP_PF_RING_USE_CLUSTER_PER_FLOW_2_TUPLE, PCAP_PF_RING_USE_CLUSTER_PER_FLOW_4_TUPLE, PCAP_PF_RING_USE_CLUSTER_PER_FLOW_TCP_5_TUPLE, PCAP_PF_RING_USE_CLUSTER_PER_FLOW_5_TUPLE
New PF_RING-aware drivers
– Updated Intel drivers to make them compatible with newer kernels
New PF_RING library features
– new pfring_open() flag PF_RING_HW_TIMESTAMP for enabling hw timestamp
New PF_RING kernel module features …
n2disk

Using n2disk for 10 Gbit line-rate packet-to-disk

Packet-to-disk is the ability to dump network packets to disk. This activity is important for implementing a sort of “network time machine” so that when something unexpected happens, you have the ability to access the raw packets and thus inspect the cause of the problems. Implementing efficient packet-to-disk requires high-speed packet capture, speedy disks, and efficient packet dump software. We started working in this field a few years ago, when creating a packet-to-disk application for 1 Gbit networks, named n2disk. Today we are introducing the second generation of n2disk …
PF_RING

Accelerating Snort with PF_RING DNA

For some time now, PF_RING has included a DAQ (Data AcQuisition library) module for the popular Snort IDS/IPS. With respect to Linux AF_PACKET, the use of PF_RING significantly accelerates all snort operations. We have recently created a new DAQ module that adds native PF_RING DNA support, further accelerating the vanilla PF_RING DAQ module by 20 to 50%. In addition to greater speed, DNA support also has the advantage of exploiting symmetric RSS, so that you can run one snort instance per RX queue and be sure that such instance will …
PF_RING

Using PF_RING DAQ for high-performance 1/10 Gbit Snort-based IDS/IPS

Months ago we started to design a new PF_RING DAQ module for snort. We decided to do this project with ENEO Tecnologia, who both sponsored the development and helped us to implement all those tiny features that turned PF_RING DAQ from a simple DAQ adapter into a full-fledged module. One of the decisions we made was to make this new DAQ module able to operate on vanilla PF_RING and also DNA (so that everyone could benefit), and to support complex topologies. In non-DNA mode, we leveraged on …
PF_RING

PF_RING DNA/Libzero vs Intel DPDK

From time to time, we receive inquiries asking us to position PF_RING (DNA and Libzero) against Intel DPDK (Data Plane Development Kit). As we have no access to DPDK, all we can do is to compare these two technologies by looking at the documents about DPDK we can find on the Internet. The first difference is that PF_RING is an open technology, whereas DPDK is available only to licensees. Looking at DPDK performance reports, PF_RING seems to be slightly more efficient (you can run DNA tests yourself using the companion demo applications) than …