[Snort-users] Kernel space Snort. Proof of concept test succeeded.
Alex Butcher, ISC/ISYS
Alex.Butcher at ...11254...
Wed Sep 15 01:25:02 EDT 2004
--On 15 September 2004 10:20 +0200 Willem de Bruijn <wdebruij at ...1580...> wrote:
> Hi Alex,
>> Was the user-mode Snort using Phil Wood's libpcap
>> <http://public.lanl.gov/cpw/> or an older version without MMAP mode
> we compared against regular (0.8.3) pcap, so Phil Wood's version should
> be considerably faster.
Cool, thanks for the clarification.
> However, speed-ups can still be obtained by running in the kernel due to
> fewer context switches and no need for copying a packet into the memory
> mapped area.
Agreed. Do you have any plans to benchmark against Phil Wood's version in
Alex Butcher: Security & Integrity, Personal Computer Systems Group
Information Systems and Computing GPG Key ID: F9B27DC9
GPG Fingerprint: D62A DD83 A0B8 D174 49C4 2849 832D 6C72 F9B2 7DC9
More information about the Snort-users