From: Victor Julien Date: Tue, 16 Oct 2018 15:08:01 +0000 (+0200) Subject: doc/performance: redo runmodes explanation X-Git-Tag: suricata-4.1.0~77 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=226fe5cab3da7b881e9d713549308196c1ae54e5;p=thirdparty%2Fsuricata.git doc/performance: redo runmodes explanation --- diff --git a/doc/userguide/performance/runmodes.rst b/doc/userguide/performance/runmodes.rst index 8f05f8de9f..6de162e654 100644 --- a/doc/userguide/performance/runmodes.rst +++ b/doc/userguide/performance/runmodes.rst 
@@ -19,17 +19,30 @@ Different runmodes ~~~~~~~~~~~~~~~~~~ You can choose a runmode out of several predefined runmodes. The -command line option --list-runmodes shows all available runmodes. All -runmodes have a name: auto, single, autofp. The heaviest task is the -detection; a packet will be checked against thousands of signatures. +command line option --list-runmodes shows all available runmodes. All +runmodes have a name: single, workers, autofp. -Example of the default runmode: +Generally, the ``workers`` runmode performs the best. In this mode the +NIC/driver makes sure packets are properly balanced over Suricata's +processing threads. Each packet processing thread then contains the +full packet pipeline. -.. image:: runmodes/threading1.png +.. image:: runmodes/workers.png -In the pfring mode, every flow follows its own fixed route in the runmode. +For processing PCAP files, or in case of certain IPS setups (like NFQ), +``autofp`` is used. Here there are one or more capture threads, that +capture the packet and do the packet decoding, after which it is passed +on to the ``flow worker`` threads. -.. image:: runmodes/Runmode_autofp.png +.. image:: runmodes/autofp1.png + +.. image:: runmodes/autofp2.png + +Finally, the ``single`` runmode is the same as the ``workers`` mode, +however there is only a single packet processing thread. This useful +during development. + +.. image:: runmodes/single.png For more information about the command line options concerning the runmode, see :doc:`../command-line-options`. diff --git a/doc/userguide/performance/runmodes/autofp1.png b/doc/userguide/performance/runmodes/autofp1.png new file mode 100644 index 0000000000..6bbcc9401f Binary files /dev/null and b/doc/userguide/performance/runmodes/autofp1.png differ 
diff --git a/doc/userguide/performance/runmodes/autofp2.png b/doc/userguide/performance/runmodes/autofp2.png new file mode 100644 index 0000000000..d9c944d8ba Binary files /dev/null and b/doc/userguide/performance/runmodes/autofp2.png differ diff --git a/doc/userguide/performance/runmodes/single.png b/doc/userguide/performance/runmodes/single.png new file mode 100644 index 0000000000..1623a4bc70 Binary files /dev/null and b/doc/userguide/performance/runmodes/single.png differ diff --git a/doc/userguide/performance/runmodes/workers.png b/doc/userguide/performance/runmodes/workers.png new file mode 100644 index 0000000000..eabbe27dd2 Binary files /dev/null and b/doc/userguide/performance/runmodes/workers.png differ
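
Review bot: In the added paragraph on the ``single`` runmode in doc/userguide/performance/runmodes.rst, "This useful during development." is missing its verb; suggest "This is useful during development." In the added ``autofp`` paragraph, the comma in "one or more capture threads, that capture the packet" should be dropped, and "after which it is passed on" would read more clearly as "after which the packet is passed on". The hunk also removes the references to runmodes/threading1.png and runmodes/Runmode_autofp.png, while the patch only adds the four new PNG files and deletes none; if no other page in the user guide uses the two old images, they could be removed in the same commit.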