Skip to content
/ bro-myricom Public

Bro plugin to receive packets through the Myricom Sniffer API

License

View license
5 stars 2 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

sethhall/bro-myricom

BranchesTags

Repository files navigation

Bro::Myricom

This plugin provides native Myricom SNF v3+v4 support for Bro.

Bro-pkg Installation

Make sure you have the SNF library installed and then run:

bro-pkg install sethhall/bro-myricom

Manual Installation

Follow Myricom's instructions to get its kernel module and userspace libraries installed, then use the following commands to configure and build the plugin.

After building bro from the sources, change to the "aux/plugins/myricom" directory and run:

./configure --with-myricom=<path to sniffer sources> --bro-dist=<path to bro sources>
make && sudo make install

Note: In most cases, if you are building this plugin from the Bro source tree, you won't need any configure arguments.

If everything built and installed correctly, you should see this:

# bro -N Bro::Myricom
Bro::Myricom - Packet acquisition via Myricom SNF v3+v4 (dynamic, version 1.0)

You may run Bro as unprivileged user.

Usage

Once installed, you can use Myricom interfaces/ports by prefixing them with myricom:: on the command line. For example, to use Myricom SNF to monitor interface p2p1:

bro -i myricom::p2p1

To use it in production with multiple Bro processes, use a configuration similar to this in node.cfg:

[worker-1]
type=worker
host=localhost
lb_method=custom
lb_procs=<number of processes, like 16>
interface=myricom::<interface name, like p2p1>

If you would like to sniff all Myricom interfaces on a system and merge them together, there is a special interface name available of myricom::*. It uses a special feature of the Myricom SNF library for port aggregation.

To run a cluster sniffing all Myricom interfaces on a system, you can use the same configuration as above, but with the special interface name that aggregates all Myricom ports like this:

[worker-1]
type=worker
host=localhost
lb_method=custom
lb_procs=<number of processes, like 16>
interface=myricom::*

Tuning

You may wish to tune the amount of memory used for the global packet buffer. This setting is available in the Bro script interface to the plugin, but it's also available as a global option in broctl.cfg or as a per-node option in node.cfg. The following line in either config file will set the SNF packet buffer ring size to 16GB (the default is 1GB):

myricom.snf_ring_size=16384

Enjoy!

About

Bro plugin to receive packets through the Myricom Sniffer API

Resources

Readme

License

View license
Activity

Stars

5 stars

Watchers

4 watching

Forks

2 forks
Report repository

Releases

4 tags

Packages

No packages published

Contributors 2

  •  
  •  

Languages