https://github.com/esnet/dpdk-plugin
https://github.com/esnet/dpdk-plugin
Last synced: 4 months ago
JSON representation
- Host: GitHub
- URL: https://github.com/esnet/dpdk-plugin
- Owner: esnet
- License: other
- Created: 2021-10-14T18:17:34.000Z (over 4 years ago)
- Default Branch: main
- Last Pushed: 2022-11-15T19:34:23.000Z (over 3 years ago)
- Last Synced: 2024-05-09T12:11:52.764Z (about 2 years ago)
- Language: C++
- Size: 95.7 KB
- Stars: 22
- Watchers: 13
- Forks: 13
- Open Issues: 4
-
Metadata Files:
- Readme: README
- Changelog: CHANGES
- License: COPYING
Awesome Lists containing this project
README
# ESnet DPDK Plugin
## Motivation
Intel's [DPDK](https://www.dpdk.org/) is a mature, highly-optimized
library for fast packet capture and generation. This plugin allows the
[Zeek Network Security Monitor](https://zeek.org) to use it.
## Install
### Prerequisites
Install Zeek and zkg, and configure zkg.
### Installing DPDK
Installing the DPDK libraries and kernel module differs based on your distribution:
##### Ubuntu
```
sudo apt install dpdk
```
#### Bind the NIC to a DPDK-compatible driver
DPDK ships with a helper script, which makes it easy to bind your network card. Start by viewing the current status:
```
$ dpdk-devbind.py --status
Network devices using kernel driver
===================================
0000:00:05.0 'Elastic Network Adapter (ENA) ec20' if=ens5 drv=ena unused=igb_uio,vfio-pci *Active*
0000:00:06.0 'Elastic Network Adapter (ENA) ec20' if=ens6 drv=ena unused=igb_uio,vfio-pci
```
Once you've determined which network device you want to use for Zeek, you can bind it to your DPDK-aware driver:
```
$ sudo dpdk-devbind.py --bind=vfio-pci 00:06.0
$ dpdk-devbind.py --status
Network devices using DPDK-compatible driver
============================================
0000:00:06.0 'Elastic Network Adapter (ENA) ec20' drv=vfio-pci unused=ena,igb_uio
Network devices using kernel driver
===================================
0000:00:05.0 'Elastic Network Adapter (ENA) ec20' if=ens5 drv=ena unused=igb_uio,vfio-pci *Active*
```
#### Install necessary build tools
##### Ubuntu
```
sudo apt install cmake build-essentials
```
#### Enable hugepages
`echo 1024 > /sys/kernel/mm/hugepages/hugepages-2048kB/nr_hugepages`
## Run Zeek
### Manually
```
zeek -i dpdk::auto
```
### Via ZeekCtl
```
[worker-1]
type=worker
host=localhost
interface=dpdk::auto
lb_method=custom
lb_procs=8
```