2014-11-22 13:30:32 +01:00
I recommend you to disable CPU freq scaling for gain max performance (max frequency):
```bash
echo performance | tee /sys/devices/system/cpu/cpu*/cpufreq/scaling_governor
```
2017-12-03 14:04:33 +01:00
You can use script [irq_balance_manually.sh ](https://github.com/pavel-odintsov/fastnetmon/blob/master/src/irq_balance_manually.sh ) for irq balancing on heavy loaded networks.
2014-11-22 13:30:32 +01:00
Running tool without root permissions:
```bash
useradd fastnetmon
setcap cap_net_admin+eip fastnetmon
su fastnetmon
./fastnetmon eth0,eth1
```
Please keep in mind when run tool on OpenVZ because without root permissions tool can't get all VE ips and you should pass it explicitly.
Debugging flags.
2015-09-29 17:00:02 +02:00
DUMP_ALL_PACKETS will enable all packets dumping to /var/log/fastnetmon.log. It's very useful for testing tool on non standard platforms.
2014-11-22 13:30:32 +01:00
```bash
2015-05-15 10:26:28 +02:00
DUMP_ALL_PACKETS=yes ./fastnetmon
2014-11-22 13:30:32 +01:00
```
2015-09-29 17:00:02 +02:00
If you want to dump only "other" (we could not detect direction for this packets) packets, please use: DUMP_OTHER_PACKETS.
2015-05-15 10:26:28 +02:00
Recommended configuration options for ixgbe Intel X540 driver (netmap mode):
2014-11-22 13:30:32 +01:00
```bash
cat /etc/modprobe.d/ixgbe.conf
options ixgbe IntMode=2,2 MQ=1,1 DCA=2,2 RSS=8,8 VMDQ=0,0 max_vfs=0,0 L2LBen=0,0 InterruptThrottleRate=1,1 FCoE=0,0 LRO=1,1 allow_unsupported_sfp=0,0
```
2015-09-03 13:12:30 +02:00
I got very big packet size (more than mtu) in attack log? In PF_RING this behaviour will be related with offload features of NIC. For Intel 82599 I recommend disable all offload:
2014-11-22 13:30:32 +01:00
```bash
ethtool -K eth0 gro off gso off tso off
```
2015-01-24 16:34:06 +01:00
How I can compile FastNetMon without PF_RING support?
```bash
cmake .. -DDISABLE_PF_RING_SUPPORT=ON
```
2014-11-22 13:30:32 +01:00
If you saw intel_idle in perf top with red higlihting you can disable it with following kernel params (more details you can find Performance_Tuning_Guide_for_Mellanox_Network_Adapters.pdf):
```bash
intel_idle.max_cstate=0 processor.max_cstate=1
```
2014-12-16 11:31:41 +01:00
If you want build with clang:
```bash
cmake -DCMAKE_C_COMPILER=/usr/bin/clang -DCMAKE_CXX_COMPILER=/usr/bin/clang++ ..
```
2014-12-16 11:55:54 +01:00
If tou want build tool with debug info:
```bash
cmake -DCMAKE_BUILD_TYPE=Debug ..
```
2015-05-15 10:26:28 +02:00
If you want speedup build process please build with ninja instead of make:
```bash
apt-get install -y ninja-build
cd build
cmake -GNinja ..
2015-05-15 10:27:00 +02:00
ninja
2015-05-15 10:26:28 +02:00
```
Ninja use all CPUs for build process:
```bash
1 [||||||||||||||||||||||||||||||||||||||||||||||100.0%] Tasks: 53, 103 thr, 64 kthr; 6 running
2 [||||||||||||||||||||||||||||||||||||||||||||||100.0%] Load average: 1.32 0.45 0.19
3 [||||||||||||||||||||||||||||||||||||||||||||||100.0%] Uptime: 1 day, 12:58:40
4 [||||||||||||||||||||||||||||||||||||||||||||||100.0%]
```
2015-05-29 15:33:28 +02:00
Build script for reading Netflow (v5, v9, ipfix) data from pcap dump:
```bash
cmake .. -DBUILD_PCAP_READER=ON
```
Run pcap data:
```bash
2015-06-17 12:35:42 +02:00
./fastnetmon_pcap_reader sflow dump.pcap
./fastnetmon_pcap_reader netflow dump.pcap
2015-05-29 15:33:28 +02:00
```
2015-07-13 10:05:26 +02:00
How to run tests?
Compile and install Google Test Library:
```bash
cd /usr/src/
wget https://googletest.googlecode.com/files/gtest-1.7.0.zip
unzip gtest-1.7.0.zip
cd gtest-1.7.0
mkdir build
cd build
cmake ..
mkdir /opt/gtest
mkdir /opt/gtest/lib
cp -R ../include/ /opt/gtest/
cp libgtest_main.a libgtest.a /opt/gtest/lib/
```
Build and run tests:
```bash
cmake -DBUILD_TESTS=ON ..
./fastnetmon_tests
```
2015-05-29 15:33:28 +02:00
Build script for running packet capture plugins without analyzer backend:
```bash
cmake .. -DBUILD_PLUGIN_RUNNER=ON
```
Examples for different plugins (plugin name could be netflow, netmap, sflow, pfring, pcap):
```bash
./fastnetmon_plugin_runner netflow
```
2015-06-16 16:24:13 +02:00
How to collect data for debugging netflow:
```bash
tcpdump -w /root/netflow_data.pcap -n 'udp dst port 2055'
```
How to collect data for debugging sFLOW:
```bash
tcpdump -w /root/sflow_data.pcap -n 'udp dst port 6343'
```
2014-12-16 15:20:04 +01:00
Performance tuning:
- Do not use short prefixes (lesser then /24)
- Do not use extremely big prefixes (/8, /16) because memory consumption will be very big
2015-05-15 10:26:28 +02:00
How I can enable ZC support for PF_RING? Please install DNA/ZC dreivers, load they and add interface name with zc prefix in config file (i.e. zc:eth3)
2014-12-13 15:23:58 +01:00
2015-05-15 12:55:43 +02:00
For development new code, please check .clang-format as code guide example.
2014-11-22 14:22:35 +01:00
You can find more info and graphics [here ](http://forum.nag.ru/forum/index.php?showtopic=89703 )