NZNOG 2015: fast library for packet trace handling from WAND

The WAND group from the Computer Science Department at Waikato University presented on developments in libtrace. Code is available from https://github.com/rsanger/libtrace and provides parallel processing of network captures that is aware of the 5-tuple and can keep each flow bound to one thread. This could be useful in lots of ways for anyone doing high-speed packet capture processing. Quite a lot of the lab's work depends on pcap data, and a constant problem for us is flow reconstruction. When you have a lot of data, the inherently serial qualities of stream processing become a bottleneck. I’m interested in this library for offering a way to ‘do better’ at handling our data.
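To make the 5-tuple-to-thread binding concrete, here is an added illustration (my own code, not libtrace's, and not how libtrace actually hashes): a symmetric hash over the 5-tuple so that both directions of a connection land on the same worker, which is what lets each worker reassemble streams from its own flow table without cross-thread locking. The worker count, the FNV-1a hash and the sample packets are all assumptions constructed for the example.

```c
#include <stdint.h>
#include <stdio.h>

#define NUM_WORKERS 4   /* hypothetical number of processing threads */

/* Constructed 5-tuple; real code would pull this from the IP/TCP/UDP headers. */
struct five_tuple {
    uint32_t src_ip, dst_ip;
    uint16_t src_port, dst_port;
    uint8_t  proto;
};

/* FNV-1a over the 5-tuple with the endpoints put in canonical order, so both
 * directions of a flow (A->B and B->A) hash to the same value. */
uint32_t flow_hash(const struct five_tuple *t) {
    uint32_t lo_ip = t->src_ip, hi_ip = t->dst_ip;
    uint16_t lo_port = t->src_port, hi_port = t->dst_port;
    if (lo_ip > hi_ip || (lo_ip == hi_ip && lo_port > hi_port)) {
        lo_ip = t->dst_ip;     hi_ip = t->src_ip;     /* swap endpoints */
        lo_port = t->dst_port; hi_port = t->src_port;
    }
    uint8_t key[13] = {
        (uint8_t)(lo_ip >> 24), (uint8_t)(lo_ip >> 16), (uint8_t)(lo_ip >> 8), (uint8_t)lo_ip,
        (uint8_t)(hi_ip >> 24), (uint8_t)(hi_ip >> 16), (uint8_t)(hi_ip >> 8), (uint8_t)hi_ip,
        (uint8_t)(lo_port >> 8), (uint8_t)lo_port, (uint8_t)(hi_port >> 8), (uint8_t)hi_port,
        t->proto };
    uint32_t h = 2166136261u;
    for (size_t i = 0; i < sizeof key; i++) { h ^= key[i]; h *= 16777619u; }
    return h;
}

/* The same flow always maps to the same worker, so each worker can keep its
 * own flow/stream-reassembly table without locking against the others. */
int worker_for(const struct five_tuple *t) {
    return (int)(flow_hash(t) % NUM_WORKERS);
}

/* Constructed sample packets: one TCP connection in both directions, plus a
 * UDP flow between the same endpoints and ports. */
const struct five_tuple SAMPLE_FWD = {0x0a000001, 0x0a000002, 40000, 80, 6};
const struct five_tuple SAMPLE_REV = {0x0a000002, 0x0a000001, 80, 40000, 6};
const struct five_tuple SAMPLE_UDP = {0x0a000001, 0x0a000002, 40000, 80, 17};

int main(void) {
    printf("A->B worker %d, B->A worker %d, UDP worker %d\n",
           worker_for(&SAMPLE_FWD), worker_for(&SAMPLE_REV), worker_for(&SAMPLE_UDP));
    return 0;
}
```

Because the protocol byte is hashed last, the TCP and UDP flows between the same endpoints are guaranteed distinct hashes, though they may still share a worker after the modulo.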

Using the DPDK parallel processing logic, WAND can demonstrate processing of 6-7 million packets per second. This is still a long way from line rate on a 10G link with 64-byte short packets, but it helps to get closer to the mark. (Not that traffic is normally made up of that many short packets, but we know they’re out there.)

WAND have a long history of work in network capture and analysis, and deep links into the wider network research community. Good work is being done here.