[Snort-devel] Snort 3 Architecture
sikking23 at gmail.com
Sun Oct 22 08:06:14 EDT 2017
Thanks for the reply!
Can I have a better description for the "Service" component?
On 23 July 2017 at 20:40, Russ <rucombs at cisco.com> wrote:
> Hey Simon,
> Snort 3 currently has one thread per packet source, whether that be a
> network interface or pcap. You can configure that with -z or
> --max-packet-threads. All processing of a given packet is within the
> thread associated with its source. You can set CPU affinity for packet
> threads via the process module. The architecture will evolve over time to
> support hardware offload and elephant flows (too big for a single core).
> Please keep us posted on your results or if you have any questions about
> tuning for comparison with Snort 2.
> On 7/23/17 4:03 AM, Simon Dzn via Snort-devel wrote:
> Hey all,
> I am writing an article regarding Snort 3 performance and I'm having
> trouble finding a reliable resource on the current architecture.
> I saw in the Snort 3 documentation the difference in the packet processing
> but couldn't find out if you are creating a thread for each packet or
> several threads for detection.
> Thanks and have a great day!
> Snort-devel mailing list
> Snort-devel at lists.snort.org
> https://lists.snort.org/mailman/listinfo/snort-devel
> Please visit http://blog.snort.org for the latest news about Snort!