any experience on BRO into hardware

Jules · December 11, 2006, 10:03pm

Hi All

Just wondering if someone has an experience compiling Bro into Hardware?

Thanks

Jim_Mellander · December 11, 2006, 11:23pm

Jules wrote:

Hi All

Just wondering if someone has an experience compiling Bro into Hardware?

Thanks

Not only have I had Bro running on Windows, but I have also gotten it to
run on a commodity Linksys router under the openwrt linux distribution.
I believe Jason has tinkered with it a bit and put some of the info up
at: http://www.dsd.lbl.gov/~jason/openwrt/

Jules · December 11, 2006, 11:38pm

Hi Jim

Thanks for the quick reply.

I am not sure if I got what you mean in your reply. What I actually meant is
to integrate Bro into the hardware itself and not configuring Bro to work
with a particular hardware.

Thanks.

Brian_Tierney · December 12, 2006, 12:09am

There is even more info up on www.bro-ids.org/linksys.html

Jim Mellander wrote:

Scott_Campbell · December 12, 2006, 6:45pm

Jules wrote:

Hi All

Just wondering if someone has an experience compiling Bro into Hardware?

Thanks

------------------------------------------------------------------------

_______________________________________________
Bro mailing list
bro@bro-ids.org
mailman.icsi.berkeley.edu Mailing Lists

Are you asking about some sort of pcap/bpf in hardware offloading, an
actual implementation of bro on dedicated hardware (like an ASIC), or
something else?

thanks!

scott

Jules · December 12, 2006, 6:51pm

Hi Scott

That's what I meant. I was talking about something like ASIC or FPGA.

thanks

Scott_Campbell · December 13, 2006, 6:58pm

There have been a number of efforts along these lines, but most of them
have focused less on taking the entire bro entity (or more likely the
event engine side) and punting it all into hardware.

In no particular order, you may want to look at:

http://www.icir.org/vern/papers/hotsec06.pdf

also Nick Weaver at ICIR may have some insight.

There has been significantly more work done on taking the bpf burden off
a host and running that in hardware. There are several different
companies that have products for this, but one that I have personal
experience with is the Force 10 P10 device. There is also a 1 gig
version as well.

In general I suspect that there is less to gain by running the entire
application on ASIC - there is still a considerable burden associated
with memory bandwidth and state maintenance. On the other hand if a
more knowledgeable person on this list has a different opinion, I would
be happy to recant.

Hopefully this is a little helpful?

thanks,

scott

Jules wrote:

Vern · December 27, 2006, 9:10pm

In no particular order, you may want to look at:

http://www.icir.org/vern/papers/hotsec06.pdf

We now have a paper available on a different approach, Shunting (with which
you Scott are of course already familiar):

http://www.icir.org/vern/papers/shunt-fpga-2007.pdf

- Vern

Jules · December 27, 2006, 9:20pm

Thanks Vern for the new link (the second link). I have read the first paper
already and it was interesting. Only the title of the new paper sounds good.

Jules

Topic		Replies	Views
Bro for embedded use? Zeek	10	72	May 6, 2022
Notes on compiling bro for Linksys Zeek	1	64	May 6, 2022
Hardware Experience Zeek	13	113	May 6, 2022
Bro for embedded use? Zeek	1	80	May 6, 2022
Problems with our hardware Zeek	1	98	May 6, 2022

any experience on BRO into hardware

Related topics