> The last step requires that you have snort use netmap rather than just
> straight bpf - or maybe somehow there's a way to glue bpf into a
> single netmap ring.
>
> I haven't wrapped all of this up and thrown it into FreeBSD-HEAD yet,
> but I know that a symmetric RSS
>
> On Mon, Sep 22, 2014 at 5:12 PM, Elof Ofel wrote:
> > I have a single NIC, mon0, that constantly receives 800 Mbps of mirrored
> > traffic.
> > I want to split these 800 Mbps into smaller chunks and feed them to a
> > couple of virtual interfaces.
I have a single NIC, mon0, that constantly receives 800 Mbps of mirrored traffic.
I want to split these 800 Mbps into smaller chunks and feed them to a couple of
virtual interfaces.
Each virtual interface can then have an instance of 'snort' inspecting its traffic.
Say approximately 200 Mbps per inte