Funny how multithreading wasn't that big of a deal until Snort3 got it. Also, the Snort folks for years pooh-poohed the advantages of multithreading especially after Suricata came out and had multithreading while Snort 2.9.x did not. There are several whitepapers scattered around the web that document testing scenarios with multithreading on Suricata. Suricata has multithreading and can still have bottlenecks in some situations. Thanks for the dedication and hard work. Be aware that multithreading is not necessarily all that it's marketed as. I'm willing to pay for a subscription, but not $500 or even thousands per year for home use. As you know, the multi-threading is just one benefit. I opted against $uricata because their paid options aren't affordable for the little guy. I have a gigabit fiber connection and Snort takes a big toll, even on my 4+ GHz i7. If it wasn't for the lack of multi-threading, I wouldn't really care. Both of those packages took the higher said in Snort 3: I dropped the Snort3 work primarily because of the compile failure and because Snort 2.9.12 came out along with Suricata 4.1.x. The Netmap work should carry over to both Snort 2.9.x and Snort3. Still a long way from being ready because Netmap documentation is sparse and programming examples are even rarer. I have been having an email conversation with the Snort principals (Cisco folks, now) about this work. I am also working on improving Netmap integration in DAQ, the data acquisition library used by Snort. I will try compiling Snort3 again in the near future (this month) and see what happens. pfSense has a mechanism called "Bounties". Just trying to find a positive way to make everyone happy :) If this is even possible, maybe someone else knows a way to set this up. **(I say this with the assumption that others like me have the same motivation, where a legitimate pool could be created and funds released upon completion (in a reasonable amount of time). 
Also, by what you said, this may not even be worth the effort until it leaves BETA. You probably don't have a way to do this, or allowed, but I would be willing to donate $100 to a fund to help expedite this process, so you could make it a priority**. If there is any way for me to help, just let me know. It sounds like it's not just as simple as just dropping it in.