Hi Bowen,
said that I am still missing something in your implementation (did you write custom code using nbpf_parse and nbpf_match?), your test results could be reliable if you are checking the processing speed at 1Gbit.

Alfredo

> On 28 Jun 2018, at 09:23, Bowen Li <[email protected]> wrote:
>
> Hi Alfredo
> Thanks for replying.
> My test environment:
> CentOS Linux release 7.2.1511 (Core) 3.10.0-327.13.1.el7.x86_64
> Intel(R) Xeon(R) CPU E5-2690 v2 @ 3.00GHz
> Memory: 128G
>
> PF_RING Version : 7.2.0 (7.2.0-stable:745f567720be0f28385ce923ba9f4957d6fe35cf)
> Total rings : 21
> Standard (non ZC) Options
> Ring slots : 4096
> Slot version : 17
> Capture TX : Yes [RX+TX]
> IP Defragment : No
> Socket Mode : Standard
> Cluster Fragment Queue : 0
> Cluster Fragment Discard : 0
>
> Ethernet controller: Intel Corporation 82574L Gigabit Network Connection
> Ethernet controller: Intel Corporation 82599ES 10-Gigabit SFI/SFP+ Network Connection (rev 01)
>
> bro ids version 2.5.2
>
> My goal is to use nbpf to shunt traffic from some hosts instead of catching traffic from specific hosts, so I did the test.
> I use two 10G interfaces on the same NIC to send traffic from one to the other (I also do this on a 1G NIC) using pfsend; bro ids listens on the receiving interface with a bpf filter. I use the "cmd_line_bpf_filter" param in bro to pass the filter to PF_RING. My test result is: with the format "not host A and not host B and ...", the maximum number of hosts is 466, and it seems that the number of host items has no effect on the processing speed of PF_RING. Are my test results reliable?
>
> Alfredo Cardigliano <[email protected]> wrote on Wed, 27 Jun 2018 at 4:05 PM:
> Hi Bowen
> the nbpf syntax actually supports the not operator, however it depends on the actual backend (we probably need to extend the guide commenting more about this). For instance translating the filter into hw rules for offloading it to the adapter, in most cases it is not possible to use the not operator.
> What is your use case/application/card where you are using nbpf?
>
> Regards
> Alfredo
>
>> On 27 Jun 2018, at 04:48, Bowen Li <[email protected]> wrote:
>>
>> Hi all,
>> The README of the nbpf section on github notes that “NOT” cannot be used as a keyword in a filter; however, I used “NOT” and the filter is effective in my test process. I want to know if there is something wrong in the official documents or if I omitted anything in my code.
>> If the format of the filter used is “not host A and not host B and...”, what is the maximum number of hosts that nbpf could support filtering? Besides, could you please tell me if the pcap processing speed of PF_RING will be influenced by the increase of filter length?
>> Any insight would be helpful.
>> _______________________________________________
>> Ntop-misc mailing list
>> [email protected]
>> http://listgateway.unipi.it/mailman/listinfo/ntop-misc
