[Snort-devel] accelerating Snort with GPU
roesch at ...402...
Thu Jun 12 11:55:44 EDT 2008
There are two potential issues with going this way.
1) Bus overhead of moving data to/from the GPU. An analysis of the
amount of time it takes to move bytes to the GPU would have to be done
and an understanding of the memory access model would have to be
developed. Essentially if I've got to copy the packet from main
memory to GPU memory the hit taken for the additional packet copy
probably isn't going to be worth the GPU gains.
2) Raw performance. We've looked at using pattern matching
accelerators for years at Sourcefire and have traditionally stayed
away from them for a couple reasons. One is the memory model overhead
associated with packet copying and the other is that the performance
gains from offloading are generally marginal. Better "bang for the
buck" has been seen with approaches like load balancing and "flow
pinning" across multiple Snort instances running on multiple CPU cores.
If you go down that path I'd be interested to hear your results.
On Jun 11, 2008, at 6:23 AM, Mariusz Ziulek wrote:
> Today's GPUs (Graphics Processing Units) installed on NVIDIA's
> graphic cards are an incredibly fast piece of hardware.
> I think that Snort could take an advantage of this speed. There's an
> excellent book "GPU Gems 3" from which chapter 35 (which I've
> recently read), titled "Fast Virus Signature Matching on the GPU" by
> Elizabeth Seamans from Juniper Networks and Thomas Alexander from
> Polytime is especially interesting for security community. Authors
> describe there experimental support for GPU in ClamAV antivirus.
> Now, when NVIDIA introduced their CUDA technology (http://www.nvidia.com/object/cuda_home.html),
> accelerating signature matching (in ClamAV and Snort) should be
> simpler and more effective.
> What do you guys think about that? I don't know Snort internals, but
> do you think that it would be possible to implement signature
> matching using CUDA?
> Mariusz Ziułek
Martin Roesch - Founder/CTO, Sourcefire Inc. - +1-410-290-1616
Sourcefire - Security for the Real World - http://www.sourcefire.com
Snort: Open Source IDP - http://www.snort.org
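
The "flow pinning" approach mentioned in the reply above, as an added example (not code from this thread or from Snort): a direction-independent hash of the 5-tuple selects the Snort instance, so both halves of a connection always reach the same process and its stream state. The function names, the FNV-1a hash and the sample addresses are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* FNV-1a step over one 32-bit word, low byte first. */
static uint32_t fnv1a_u32(uint32_t h, uint32_t v)
{
    for (int i = 0; i < 4; i++) {
        h ^= (v >> (8 * i)) & 0xffu;
        h *= 16777619u;
    }
    return h;
}

/* Hash an IPv4 5-tuple so that A->B and B->A produce the same value:
 * the endpoints are put in a canonical (lower, higher) order first. */
uint32_t flow_hash(uint32_t src_ip, uint16_t src_port,
                   uint32_t dst_ip, uint16_t dst_port, uint8_t proto)
{
    uint32_t lo_ip = src_ip, hi_ip = dst_ip;
    uint16_t lo_pt = src_port, hi_pt = dst_port;
    if (src_ip > dst_ip || (src_ip == dst_ip && src_port > dst_port)) {
        lo_ip = dst_ip; hi_ip = src_ip;
        lo_pt = dst_port; hi_pt = src_port;
    }
    uint32_t h = 2166136261u;            /* FNV offset basis */
    h = fnv1a_u32(h, lo_ip);
    h = fnv1a_u32(h, hi_ip);
    h = fnv1a_u32(h, ((uint32_t)lo_pt << 16) | hi_pt);
    h = fnv1a_u32(h, proto);
    return h ^ (h >> 16);                /* fold high bits into the low ones */
}

/* Index of the Snort instance (one per core) that owns this flow. */
unsigned pin_flow(uint32_t src_ip, uint16_t src_port,
                  uint32_t dst_ip, uint16_t dst_port,
                  uint8_t proto, unsigned n_instances)
{
    if (n_instances == 0)
        return 0;                        /* nothing to balance across */
    return flow_hash(src_ip, src_port, dst_ip, dst_port, proto) % n_instances;
}

int main(void)
{
    /* Constructed sample flow: 192.0.2.10:51515 <-> 198.51.100.7:80, TCP */
    uint32_t c = 0xC000020Au, s = 0xC6336407u;
    printf("client->server: instance %u\n", pin_flow(c, 51515, s, 80, 6, 4));
    printf("server->client: instance %u\n", pin_flow(s, 80, c, 51515, 6, 4));
    return 0;
}
```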