Hello All,
I did some searching through the -user and -dev archives and did not come up w/ any hits so I apologize if this has been discussed already.
Has anyone researched using a GPU to offload the processing of packets when importing a capture? I know GPU's are not general purpose but they do have the ability to really excel at certain operations. What I am not sure of is, if the operations used in processing a capture would fit into those defined instructions a GPU can perform. From the research mentioned below it appears some benefit can come from this approach, I guess the question then becomes, is it enough to justify the development.
Some general googling has found a version of snort called Gnort that can offload some processing to a GPU. There is also a company named ngaura
(http://ngarua.com/index.php/gapp) that has a technology called GAPP (GPU Accelerated Packet Processing) that has done some work on this.
Wireshark 1.3 has significantly improved the load times of captures files, I am really looking forward to what is to come when it becomes final and we see some of the new features in 1.4. Also, the CACE Pilot product is very nice, in fact, I wouldn't be surprised if any GPU offloading appeared there first. Pilot has some nice features, I hope we see a trickle-down of features to the wireshark product. I can only imagine how fast things could be if GPU acceleration is able to be leveraged.
In my day to day duties I sometimes will have the need to perform packet captures on very busy links, which I'm sure you all know can yield insanely large capture files. Even when limiting the packet size these >1gig files are a bear to work with.. One recent issue was detecting micro bursting that was saturating a gig link and causing buffer saturation. This can be difficult enough to find when the link is 100mbit, much less 1gbit, but I digress.
I hope this comes across as an interesting idea and spurs some discussion.
Thanks,
Chris
