PF_RING is a Linux kernel module and user-space framework that allows you to process packets at high-rates while providing you a consistent API for packet processing applications.

PF_RING is a type of network socket that improves the packet capture speed, and that’s characterised by the following properties:

  1. Available for Linux kernels 2.6.32 and newer.
  2. No need to patch the kernel: just load the kernel module.
  3. 10 Gbit Hardware Packet Filtering using commodity network adapters
  4. User-space ZC (new generation DNA, Direct NIC Access) drivers for extreme packet capture/transmission speed as the NIC NPU (Network Process Unit) is pushing/getting packets to/from userland without any kernel intervention. Using the 10Gbit ZC driver you can send/received at wire-speed at any packet sizes.
  5. PF_RING ZC library for distributing packets in zero-copy across threads, applications, Virtual Machines.
  6. Device driver independent.
  7. Support of Accolade, Exablaze, Endace, Fiberblaze, Inveatech, Mellanox, Myricom/CSPI, Napatech, Netcope and Intel (ZC) network adapters.
  8. Kernel-based packet capture and sampling.
  9. Libpcap support (see below) for seamless integration with existing pcap-based applications.
  10. Ability to specify hundred of header filters in addition to BPF.
  11. Content inspection, so that only packets matching the payload filter are passed.
  12. PF_RING™ plugins for advanced packet parsing and content filtering.

If you want to know about PF_RING visit the Documentation section.

Download Links

http://packages.ntop.org/

https://github.com/ntop/PF_RING

Have something to say about this article? Comment below or share it with us on Facebook, Twitter or our LinkedIn Group.