builtin-plugins/Zeek_PacketSourceUDP/__load__.zeek
- PacketSource::UDP
An opinionated Zeek packet source for the cloud.
- Namespace:
PacketSource::UDP
Summary
Redefinable Options
|
Which receiver implementation to usefor the UDP receiver Can be one of PacketSource::UDP::RECVMMSG or acketSource::UDP::IO_URING. |
Shift value for the buffer size. |
|
The number of buffers to for the ring. |
|
The number of entries in the completion queue. |
|
The number of entries in the submission queue. |
|
Relax time for GetNextTimeout() when no packet was seen. |
|
The size of an individual packet buffer for the recvmmsg() mplementation. |
|
The number of mmsghdrs to pass to recvmmsg() at once. |
|
Whether to use select on the socket to wake up Zeek’s IO loop. |
|
The size of the socket’s UDP receive buffer to configure in bytes |
Detailed Interface
Redefinable Options
- PacketSource::UDP::implementation
- Type:
- Attributes:
- Default:
PacketSource::UDP::RECVMMSG
Which receiver implementation to usefor the UDP receiver Can be one of PacketSource::UDP::RECVMMSG or acketSource::UDP::IO_URING.
- PacketSource::UDP::io_uring_buffer_shift
-
Shift value for the buffer size. Default is 14, meaning a buffer size of (1 << 14) = 16KB. This covers jumbo packets and also has plenty of room for the SO_TIMESTAMP information as well.
- PacketSource::UDP::io_uring_buffers
-
The number of buffers to for the ring.
- PacketSource::UDP::io_uring_cq_entries
-
The number of entries in the completion queue. Used with io_uring_queue_init_params()
- PacketSource::UDP::io_uring_sq_entries
-
The number of entries in the submission queue. We only submita single multishop RECVMSG op at a time, so keep this pretty small.
- PacketSource::UDP::poll_interval
-
Relax time for GetNextTimeout() when no packet was seen.
Applies to the IO_URING implementation. Applies to the RECVMMSG implementation only if recvmmsg_use_selectable_fd is F.
- PacketSource::UDP::recvmmsg_buffer_size
-
The size of an individual packet buffer for the recvmmsg() mplementation.
This is used for the iov_len field of an individual struct iovec. Defaults to 9216 + 32 bytes to cover jumbo packets and a bit of wiggle room for any extra encapsulation.
- PacketSource::UDP::recvmmsg_buffers
-
The number of mmsghdrs to pass to recvmmsg() at once.
- PacketSource::UDP::recvmmsg_use_selectable_fd
-
Whether to use select on the socket to wake up Zeek’s IO loop.
This applies to the recvmmsg() implementation only.
If F, the packet source acts in polling mode which can be more efficient at high packet rates. However, this comes with a higher idle CPU usage due to the busy polling. See the oll_interval setting above, too. Read up on Zeek’s internal io_poll_interval_live if you’re considering tuning anything here.
- PacketSource::UDP::udp_recv_buffer_size
-
The size of the socket’s UDP receive buffer to configure in bytes
Set this value to
0to use the kernel’ default.