Feature #681
closed
Implement TPACKET_V3 support in AF_PACKET
Added by Eric Leblond almost 12 years ago.
Updated over 8 years ago.
Description
Suricata only supports TPACKET_V2 in AF_PACKET capture. The version 3 of packet allows to have a non fixed packet size in the ring buffer. This is supposed to increase capture performance on network with small packets.
- Assignee set to Eric Leblond
Seems the protocol is not documented and example code is missing. Might be hard to get it working.
- Target version set to TBD
- Status changed from New to Assigned
- Target version changed from TBD to 3.0RC2
- Priority changed from Normal to Low
- Target version changed from 3.0RC2 to TBD
Seems this API isn't all that much of an improvement?
We noticed quite an increase in performance (around %25) when implementing in our sniffer. It would be great is Suricata was able to support this as well.
Eoin, since you have an implementation, are you interested in contributing it?
- Priority changed from Low to Normal
- Target version changed from TBD to 70
- Status changed from Assigned to Closed
- Target version changed from 70 to 3.1rc1
Also available in: Atom
PDF