[GTER] fastnetmon author

Pavel Odintsov pavel.odintsov at gmail.com
Wed Dec 2 19:19:13 -02 2015


Hello!

Thanks for the interesting question! I will answer inline.


On Fri, Nov 27, 2015 at 4:59 PM, Eduardo Meyer <dudu.meyer at gmail.com> wrote:
> Hello Pavel,
>
> In the first place, thank you for the time and effort you put into this.
> Fastnetmon is a great tool.

Welcome :)

>
> I am also running it on FreeBSD, and so far the only bug I noticed is a
> popen error which leads to exit(1) in the application when we run a shell
> script for external action. It's just the exit handling from the popen, since
> the script runs correctly; however, Fastnetmon believes there was an
> error (which there was not) and exits.

Unfortunately, the popen syscall is a bit weird sometimes. And we have
a workaround for this case:
notify_script_pass_details = no

And FNM will not hang in case of trouble with the notify script.

>
> In the next version of fastnetmon, how do you leverage DPI? How will it
> influence the effectiveness and quality of DDoS detection? I ask this
> due to the difference in topology vs performance, say, trying to determine
> whether I should move from a lightweight approach such as sFLOW to a not so
> light one, like pcap, and whether DPI is worth the extra CPU cycles to
> inspect the whole packet.

We are working hard on a lightweight DPI which will work even with sFLOW
because sFLOW has some information about data. sFLOW is awesome for
attack detection but you need to keep your eyes on the sampling rate:
blog.sflow.com/2009/06/sampling-rates.html

>
> For FreeBSD, do you plan to do DPI inspection in Netmap mode as well? Have
> you done that for PF_RING already, or is DPI pcap only?

On Linux, DPI works for all platforms: PF_RING, PCAP and, sure, NetMap.
The recent version of the install script builds almost all code from
sources, even on FreeBSD, and you could try to build it.

A binary version for FreeBSD with recent features will be available in
the next months.

>
> Once again thank you for such a great piece of code and welcome to GTER.
>
> BTW, FNM performance on FreeBSD even in pcap mode (without netmap pcap) is
> years higher than the expected / documented performance on FNM's
> documentation. Actually, at least 3Gbit/s in pcap mode in a bridged
> (if_bridge / kernel path based) environment so far is GTG, in the next days
> I plan to add a 10G port and have a >5Gbps avg load and see how it performs
> with ban time 900 and avg calculation time 15.

I will be very glad if you share your success story :)

Pcap on Linux is really slow and I'm trying to avoid it if possible.
Really nice to hear about fast pcap in FreeBSD!

>
> On Tue, Nov 24, 2015 at 11:22 AM, Pavel Odintsov <pavel.odintsov at gmail.com>
> wrote:
>
>> Hello!
>>
>> We are moving fast and sometimes breaking things. We will fix the FreeBSD
>> build system in the next few weeks. So I haven't seen very big popularity
>> of the FreeBSD version. But actually GTER shows amazing interest in
>> FreeBSD. So we could change our minds and fix FreeBSD support :)
>>
>> 2015-11-24 14:37 GMT+03:00 Cassiano Peixoto <peixotocassiano at gmail.com>:
>> > Hi Pavel,
>> >
>> > First of all, congrats on your good work. These new features look very
>> > interesting, but I didn't find any support for FreeBSD. Is Fastnetmon not
>> > supported on FreeBSD anymore?
>> >
>> > Thanks.
>> >
>> >
>> > 2015-11-24 3:44 GMT-02:00 Pavel Odintsov <pavel.odintsov at gmail.com>:
>> >>
>> >> Hello!
>> >>
>> >> Thanks for the feedback! :) We have already implemented some awesome
>> >> features (DPI, GoBGP support and Flow Spec) in the current Git version.
>> >> You could install it with the installer script this way:
>> >>
>> >> wget https://raw.githubusercontent.com/pavel-odintsov/fastnetmon/master/src/fastnetmon_install.pl -Ofastnetmon_install.pl
>> >> sudo perl fastnetmon_install.pl --use-git-master
>> >>
>> >> 2015-11-21 2:00 GMT+03:00 Diego Canton de Brito
>> >> <diegocanton at ensite.com.br>:
>> >> >
>> >> > Interesting, we have been using it for some time and I recommend it;
>> >> > I have been helping some participants tune it, and there is always a
>> >> > consensus about its efficiency.
>> >> > I am looking forward to seeing the improvements planned in its
>> >> > roadmap in action.
>> >> > --
>> >> > Sent from the myMail app for Android Friday, 20 November 2015,
>> >> > 08:20PM -02:00 from Roberto Bertó < roberto.berto at gmail.com>:
>> >> >
>> >> >> Hello everyone
>> >> >>
>> >> >> Since this is a subject we always discuss, I thought of bringing the
>> >> >> author of fastnetmon, Pavel Odintsov, here to the list to answer
>> >> >> questions and talk with us: installation questions, deployment
>> >> >> scenarios, make the most of it!
>> >> >>
>> >> >> He was at RIPE71 promoting it this week. Many of us are already
>> >> >> using FNM and already have experience with it too.
>> >> >> --
>> >> >> gter list  https://eng.registro.br/mailman/listinfo/gter
>> >>
>> >>
>> >>
>> >> --
>> >> Sincerely yours, Pavel Odintsov
>> >
>> >
>>
>>
>>
>> --
>> Sincerely yours, Pavel Odintsov
>>
>
>
>
> --
> ===========
> Eduardo Meyer
> pessoal: dudu.meyer at gmail.com
> profissional: ddm.farmaciap at saude.gov.br



-- 
Sincerely yours, Pavel Odintsov


