Cores are not utilized with a pcap file

[HKalbasi]

I have a 4GB pcap file with 9M packets, and retina is able to detect its tls and dns traffic in the basic example in ~5000 milliseconds (so 6.4 Gbit/s). That's not bad, but far from the advertised 100Gbit/s. I looked at the core usage of the machine, and found that only a single core is 100%, ~5 cores are ~10%, and the rest are zero. So I guessed maybe there is a problem around load balancing.

Here are my questions:

1. How I can configure the number of cores in the offline case? I found the online.port.cores for the online usage but nothing equivalent for the offline case.
2. What is the mechanism of load balancing between cores in retina? Where is it defined? In DPDK? How can I configure/change it?

I'm new to retina and DPDK, so sorry for my basic questions and thanks in advance for your time and patience.

[thearossman]

Hello! There's no multi-core support for offline mode in Retina. You're right that the RX logic in the Offline runtime is just a single core reading from a pcap file. In general, offline mode is designed for development, functional testing, and perhaps microbenchmarking aspects of the system, not for performance.

Is there a use-case for Retina that you have that requires high-performance on offline mode? Either way, I can mark this as a feature request for now.