PF_RING™ is engineered to significantly improve packet capture rates, making it suitable for environments dealing with high network traffic volumes. It operates on Linux kernels 2.6.32 and later without requiring kernel patching; the functionality is enabled by simply loading a kernel module. The technology supports 100 Gbit hardware-based packet filtering using commodity network adapters from Intel and NVIDIA/Mellanox. User-space Zero Copy (ZC) drivers facilitate extreme packet capture and transmission speeds by allowing the NIC NPU (Network Processing Unit) to directly push and pull packets to and from userland, bypassing kernel intervention. With ZC drivers, it's possible to achieve up to 100 Gbit wire-speed for any packet size. The PF_RING ZC library enables zero-copy packet distribution across threads, applications, and Virtual Machines. Its device driver-independent API promotes code reusability across different network adapters. Zero-copy support extends to network adapters from Intel, NVIDIA (Mellanox), Napatech, and Silicom FPGA (Fiberblaze), among others. For adapters not supported by ZC, kernel-based packet capture is available. Seamless integration with existing pcap-based applications is ensured through libpcap support. Optimized nBPF filters complement legacy BPF. DPI content inspection with nDPI allows for the selective passing of packets based on desired L7 protocols. PF_RING™ has a modular architecture that makes it possible to use additional components other than the standard PF_RING™ kernel module, including ZC module, FPGA-based card modules, Stack module, Timeline module, and Sysdig module.

Features & Benefits

• High-Speed Packet Capture
  • Dramatically improves packet capture speed.
• Hardware-Based Packet Filtering
  • Supports 100 Gbit hardware-based packet filtering on Intel and NVIDIA/Mellanox adapters.
• User-Space ZC Drivers
  • Enables extreme packet capture/transmission speed, up to 100 Gbit wire-speed.
• Zero-Copy Packet Distribution
  • Distributes packets in zero-copy across threads, applications, and Virtual Machines.
• Device Driver Agnostic API
  • Provides an API for device driver-independent application code.
• Zero-Copy Support
  • Offers zero-copy support for Intel, NVIDIA (Mellanox), Napatech, Silicom FPGA (Fiberblaze), and other network adapters.
• Kernel-Based Packet Capture
  • Provides kernel-based packet capture for all adapters, when not supported by ZC.
• Libpcap Support
  • Ensures seamless integration with existing pcap-based applications.
• Optimized nBPF Filters
  • Features optimized nBPF filters in addition to the legacy BPF.
• DPI Content Inspection
  • Enables DPI content inspection with nDPI.