drill-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "ASF GitHub Bot (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (DRILL-5432) Want a memory format for PCAP files
Date Tue, 27 Jun 2017 10:23:00 GMT

    [ https://issues.apache.org/jira/browse/DRILL-5432?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16064601#comment-16064601
] 

ASF GitHub Bot commented on DRILL-5432:
---------------------------------------

Github user Vlad-Storona commented on the issue:

    https://github.com/apache/drill/pull/831
  
    As a result of project transferring problems were found out. In java-exec package exists
file bootstrap-storage-plugin.json from which drill takes information about supported files
formats. But in contrib package, there is no such file. If to transfer pcap-reader to contrib
package and not to remove information from bootstrap-storage-plugin.json about pcap format,
then there will be JsonMappingException. And if you remove this information from the config
file, then drill will can`t find pcap files. Maybe I have not enough info/experience about
drill. Maybe you can provide any solution how to handle this ?


> Want a memory format for PCAP files
> -----------------------------------
>
>                 Key: DRILL-5432
>                 URL: https://issues.apache.org/jira/browse/DRILL-5432
>             Project: Apache Drill
>          Issue Type: New Feature
>            Reporter: Ted Dunning
>
> PCAP files [1] are the de facto standard for storing network capture data. In security
and protocol applications, it is very common to want to extract particular packets from a
capture for further analysis.
> At a first level, it is desirable to query and filter by source and destination IP and
port or by protocol. Beyond that, however, it would be very useful to be able to group packets
by TCP session and eventually to look at packet contents. For now, however, the most critical
requirement is that we should be able to scan captures at very high speed.
> I previously wrote a (kind of working) proof of concept for a PCAP decoder that did lazy
deserialization and could traverse hundreds of MB of PCAP data per second per core. This compares
to roughly 2-3 MB/s for widely available Apache-compatible open source PCAP decoders.
> This JIRA covers the integration and extension of that proof of concept as a Drill file
format.
> Initial work is available at https://github.com/mapr-demos/drill-pcap-format
> [1] https://en.wikipedia.org/wiki/Pcap



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

Mime
View raw message