[Snort-users] Snort++ Project Help - Slow Inline Throughput

Joel Esler (jesler) jesler at ...589...
Tue May 23 18:27:23 EDT 2017


Check this out:

http://blog.snort.org/2016/08/running-snort-on-commodity-hardware.html


--
Joel Esler | Talos: Manager | jesler at ...589...<mailto:jesler at ...589...>






On May 22, 2017, at 5:05 PM, B B <dustythepath at ...11827...<mailto:dustythepath at ...11827...>> wrote:

Shawn,

I have not seen any replies to your thread about LSO and DSO or “offloading”. I use ethtool to disable offloading on startup. If you haven’t looked into this it may be your issue.

These are my settings in /etc/local.d/ethtool_changes.txt

ethtool --offload enp5s0 rx off tx off
ethtool -K enp5s0 gro off gso off lro off
ethtool -G enp5s0 rx 4096
ethtool -K enp5s0 sg off
ethtool -G enp5s0 tx 4096
ifconfig enp5s0 promisc
ethtool --offload enp6s0 rx off tx off
ethtool -K enp6s0 gro off gso off lro off
ethtool -G enp6s0 tx 4096
ethtool -G enp6s0 rx 4096
ethtool -K enp6s0 sg off
ifconfig enp6s0 promisc

Hope this helps…

Bill

On May 22, 2017, at 1:31 PM, Shawn M Venti <sv2 at ...17844...<mailto:sv2 at ...17844...>> wrote:

Hello All,

I posted about this issue a little while ago however am still struggling. If anyone could be of assistance it would be very helpful.

Currently I am working on a project that Snort++ (3.0.0-a4) is a part of. I’m attempting to run this on a smaller single board PC made my PC Engine. Please see the specs here:

- AMD Embedded G series GX-412TC , 1 GHz quad core
- 4 GB DDR-1333
- 3x i210AT LAN

I have successfully built and installed Snort++ on this system but the trouble I am having is horrible throughput (~20 MBits/sec) on a 100MBits/sec channel. The only modification that I have made to the default configuration is whats needed to run in inline mode.

I am using the AFPacket DAQ. Attached to this message is a test through my setup using iPerf and the Snort++ output. I’ve also attached my configuration file for Snort++.

All the best,

Shawn

<iPerf3_Sample1.txt><Snort++_Sample1.txt>------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org<http://Slashdot.org>! http://sdm.link/slashdot_______________________________________________
Snort-users mailing list
Snort-users at lists.sourceforge.net<mailto:Snort-users at lists.sourceforge.net>
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!


------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org<http://Slashdot.org>! http://sdm.link/slashdot
_______________________________________________
Snort-users mailing list
Snort-users at lists.sourceforge.net<mailto:Snort-users at lists.sourceforge.net>
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!



More information about the Snort-users mailing list