[Snort-users] Large receive offload, good or bad?
peter.bates at ...15381...
Thu Aug 30 11:43:52 EDT 2012
Interesting topic, as I've been pondering the same thing this week.
On 30/08/2012 15:59, Joel Esler wrote:
> If I was deploying an I[DP]S I would investigate using an operating
> system and network card that supports zero copy bpf sockets. This
> will save you much more CPU time than using LRO and have much more
> predictable results.
Can the VRT member who is not on the list expand a bit more on this?
Are we talking *BSD, Linux AF_PACKET with fanout, PF_RING, ?
I've been exploring increasing the buffer size with the AF_PACKET DAQ
this week only to find it errors when set to 4Gb or more.
Senior Computer Security Officer Phone: +44(0)2076792049
Information Services Division Internal Ext: 32049
University College London
London WC1E 6BT