lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Wed, 14 Oct 2009 08:33:08 -0600 From: Brad Doctor <brad.doctor@...il.com> To: netdev@...r.kernel.org Cc: Luca Deri <deri@...p.org> Subject: PF_RING: Include in main line kernel? Greetings, On behalf of the users and developers of the PF_RING project, we would like to ask consideration to include the PF_RING module in the main line kernel. PF_RING (http://www.ntop.org/PF_RING.html) is a kernel module that implements an mmap()-ed memory ring for accelerating packet capture and for providing all the basic features a network monitoring application needs. PF_RING includes several features such as packet filtering, balancing across capture applications, packet reflection (i.e. capture application can decide to bounce selected packets onto an as-specified interface). Packets are filtered both using BPF and using ACL-like rules (e.g. tcp and ports from 80 to 100). Using PF_RING it is also possible to exploit multiple RX queues provided by modern NIC adapters. PF_RING achieves a significant speedup by making only one copy of the packet. Additionally, PF_RING is able to operate in a capture-only installation, further increasing performance. PF_RING has been around since 2003 and is very mature with an active contributing developer base. The developer and user community use a mailing list (http://listgateway.unipi.it/pipermail/ntop-misc/) for discussions and submissions. PF_RING is used in several projects, ranging from distributions such as DD-WRT/OpenWrt to improving performance of applications like Snort and Wireshark. Many commercial companies around the world in the field of intrusion detection and traffic analysis rely on PF_RING for accelerating their products and operations. The PF_RING module relies on a small patch to net/core/dev.c that intercepts when a packet is received/transmitted so that it can be passed to the PF_RING module when present and with an active listener. Other than these minor changes, all the PF_RING code is self-contained, comprising jut two files: ring.c and ring.h. PF_RING is the result of many years of research and development specifically into high-speed packet capture, and is homegrown. PF_RING uses the stock GPL license. We feel that PF_RING is ready to be included with the mainline kernel. We are ready and eager to support PF_RING for the long term. Thank you in advance for your consideration! -brad -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists