Optimization #721: full nfq zero copy mode - Suricata - Open Information Security Foundation

Actions

Copy link

Optimization #721

open

full nfq zero copy mode

Added by Victor Julien almost 12 years ago. Updated over 1 year ago.

Status:

New

Priority:

Normal

Assignee:

Community Ticket

Target version:

TBD

Effort:

medium

Difficulty:

high

Label:

Description

Currently the nfq lib doesn't support zero copy. Each "recv" call will overwrite an internal buffer, so that it's not possible to just keep a reference to this buffer.

In the single/workers runmodes this is not a problem, as all packets are processed before the next recv call.

But in auto/autofp recv, verdict and all other packet handling runs async, so we may have multiple recv calls before a packet is processed and verdicted fully. Therefore, these modes need to work on copies of the data.

Work is being done by the netfilter project to address this, once that is available, we can support zero copy for all runmodes properly.

History
Notes
Property changes

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

Suricata

Custom queries

Optimization #721

full nfq zero copy mode

Updated by Andreas Herz almost 9 years ago

Updated by Victor Julien almost 9 years ago

Updated by Victor Julien almost 8 years ago

Updated by Victor Julien over 6 years ago

Updated by Andreas Herz over 5 years ago

Updated by Philippe Antoine over 1 year ago