[Oisf-devel] <Error> (ReceivePfring) -- [ERRCODE: SC_ERR_PF_RING_RECV(31)] - pfring_recv error -1

Will Metcalf william.metcalf at gmail.com
Wed Aug 3 21:35:21 UTC 2011


You need to upgrade to the latest suricata version from git. Packets
are now passed as a reference in PF_RING 4.7.1, which required us to
modify suri.

Regards,

Will
On Wed, Aug 3, 2011 at 4:30 PM,  <David.R.Wharton at regions.com> wrote:
> I'm trying to get Suricata up and running with PF_RING but I keep getting a
> pfring_recv error.  Here is a snipped from when Suricata starts up:
>
> [13373] 3/8/2011 -- 16:25:22 - (source-pfring.c:313) <Info>
> (ReceivePfringThreadInit) -- (ReceivePfring) Using PF_RING v.4.7.1,
> interface eth2, cluster-id 99
> [13354] 3/8/2011 -- 16:25:23 - (tm-threads.c:1485) <Info>
> (TmThreadWaitOnThreadInit) -- all 11 packet processing threads, 3 management
> threads initialized, engine started.
> [13373] 3/8/2011 -- 16:25:23 - (source-pfring.c:232) <Error> (ReceivePfring)
> -- [ERRCODE: SC_ERR_PF_RING_RECV(31)] - pfring_recv error  -1
> [13373] 3/8/2011 -- 16:25:23 - (source-pfring.c:332) <Info>
> (ReceivePfringThreadExitStats) -- (ReceivePfring) Packets 0, bytes 0
> [13373] 3/8/2011 -- 16:25:23 - (source-pfring.c:336) <Info>
> (ReceivePfringThreadExitStats) -- (ReceivePfring) Pfring Total:0 Recv:0
> Drop:0 (nan%).
> [13354] 3/8/2011 -- 16:25:24 - (tm-threads.c:1400) <Info>
> (TmThreadRestartThread) -- thread "ReceivePfring" restarted
> [13387] 3/8/2011 -- 16:25:24 - (source-pfring.c:313) <Info>
> (ReceivePfringThreadInit) -- (ReceivePfring) Using PF_RING v.4.7.1,
> interface eth2, cluster-id 99
> [13387] 3/8/2011 -- 16:25:24 - (source-pfring.c:232) <Error> (ReceivePfring)
> -- [ERRCODE: SC_ERR_PF_RING_RECV(31)] - pfring_recv error  -1
> [13387] 3/8/2011 -- 16:25:24 - (source-pfring.c:332) <Info>
> (ReceivePfringThreadExitStats) -- (ReceivePfring) Packets 0, bytes 0
> [13387] 3/8/2011 -- 16:25:24 - (source-pfring.c:336) <Info>
> (ReceivePfringThreadExitStats) -- (ReceivePfring) Pfring Total:0 Recv:0
> Drop:0 (nan%).
> [13354] 3/8/2011 -- 16:25:24 - (tm-threads.c:1400) <Info>
> (TmThreadRestartThread) -- thread "ReceivePfring" restarted
> [13388] 3/8/2011 -- 16:25:24 - (source-pfring.c:313) <Info>
> (ReceivePfringThreadInit) -- (ReceivePfring) Using PF_RING v.4.7.1,
> interface eth2, cluster-id 99
> [13388] 3/8/2011 -- 16:25:24 - (source-pfring.c:232) <Error> (ReceivePfring)
> -- [ERRCODE: SC_ERR_PF_RING_RECV(31)] - pfring_recv error  -1
> [13388] 3/8/2011 -- 16:25:24 - (source-pfring.c:332) <Info>
> (ReceivePfringThreadExitStats) -- (ReceivePfring) Packets 0, bytes 0
> [13388] 3/8/2011 -- 16:25:24 - (source-pfring.c:336) <Info>
> (ReceivePfringThreadExitStats) -- (ReceivePfring) Pfring Total:0 Recv:0
> Drop:0 (nan%).
> [13354] 3/8/2011 -- 16:25:24 - (tm-threads.c:1400) <Info>
> (TmThreadRestartThread) -- thread "ReceivePfring" restarted
> [13389] 3/8/2011 -- 16:25:24 - (source-pfring.c:313) <Info>
> (ReceivePfringThreadInit) -- (ReceivePfring) Using PF_RING v.4.7.1,
> interface eth2, cluster-id 99
> [13389] 3/8/2011 -- 16:25:24 - (source-pfring.c:232) <Error> (ReceivePfring)
> -- [ERRCODE: SC_ERR_PF_RING_RECV(31)] - pfring_recv error  -1
> [13389] 3/8/2011 -- 16:25:24 - (source-pfring.c:332) <Info>
> (ReceivePfringThreadExitStats) -- (ReceivePfring) Packets 0, bytes 0
> [13389] 3/8/2011 -- 16:25:24 - (source-pfring.c:336) <Info>
> (ReceivePfringThreadExitStats) -- (ReceivePfring) Pfring Total:0 Recv:0
> Drop:0 (nan%).
> [13354] 3/8/2011 -- 16:25:24 - (tm-threads.c:1400) <Info>
> (TmThreadRestartThread) -- thread "ReceivePfring" restarted
> [13390] 3/8/2011 -- 16:25:24 - (source-pfring.c:313) <Info>
> (ReceivePfringThreadInit) -- (ReceivePfring) Using PF_RING v.4.7.1,
> interface eth2, cluster-id 99
> [13390] 3/8/2011 -- 16:25:24 - (source-pfring.c:232) <Error> (ReceivePfring)
> -- [ERRCODE: SC_ERR_PF_RING_RECV(31)] - pfring_recv error  -1
> [13390] 3/8/2011 -- 16:25:24 - (source-pfring.c:332) <Info>
> (ReceivePfringThreadExitStats) -- (ReceivePfring) Packets 0, bytes 0
> [13390] 3/8/2011 -- 16:25:24 - (source-pfring.c:336) <Info>
> (ReceivePfringThreadExitStats) -- (ReceivePfring) Pfring Total:0 Recv:0
> Drop:0 (nan%).
> [13354] 3/8/2011 -- 16:25:24 - (tm-threads.c:1400) <Info>
> (TmThreadRestartThread) -- thread "ReceivePfring" restarted
> [13391] 3/8/2011 -- 16:25:24 - (source-pfring.c:313) <Info>
> (ReceivePfringThreadInit) -- (ReceivePfring) Using PF_RING v.4.7.1,
> interface eth2, cluster-id 99
> [13391] 3/8/2011 -- 16:25:24 - (source-pfring.c:232) <Error> (ReceivePfring)
> -- [ERRCODE: SC_ERR_PF_RING_RECV(31)] - pfring_recv error  -1
> [13391] 3/8/2011 -- 16:25:24 - (source-pfring.c:332) <Info>
> (ReceivePfringThreadExitStats) -- (ReceivePfring) Packets 0, bytes 0
> [13391] 3/8/2011 -- 16:25:24 - (source-pfring.c:336) <Info>
> (ReceivePfringThreadExitStats) -- (ReceivePfring) Pfring Total:0 Recv:0
> Drop:0 (nan%).
> [13354] 3/8/2011 -- 16:25:24 - (tm-threads.c:1400) <Info>
> (TmThreadRestartThread) -- thread "ReceivePfring" restarted
> [13392] 3/8/2011 -- 16:25:24 - (source-pfring.c:313) <Info>
> (ReceivePfringThreadInit) -- (ReceivePfring) Using PF_RING v.4.7.1,
> interface eth2, cluster-id 99
> [13392] 3/8/2011 -- 16:25:24 - (source-pfring.c:232) <Error> (ReceivePfring)
> -- [ERRCODE: SC_ERR_PF_RING_RECV(31)] - pfring_recv error  -1
> [13392] 3/8/2011 -- 16:25:24 - (source-pfring.c:332) <Info>
> (ReceivePfringThreadExitStats) -- (ReceivePfring) Packets 0, bytes 0
> [13392] 3/8/2011 -- 16:25:24 - (source-pfring.c:336) <Info>
> (ReceivePfringThreadExitStats) -- (ReceivePfring) Pfring Total:0 Recv:0
> Drop:0 (nan%).
> [13354] 3/8/2011 -- 16:25:24 - (tm-threads.c:1400) <Info>
> (TmThreadRestartThread) -- thread "ReceivePfring" restarted
> [13393] 3/8/2011 -- 16:25:25 - (source-pfring.c:313) <Info>
> (ReceivePfringThreadInit) -- (ReceivePfring) Using PF_RING v.4.7.1,
> interface eth2, cluster-id 99
> [13393] 3/8/2011 -- 16:25:25 - (source-pfring.c:232) <Error> (ReceivePfring)
> -- [ERRCODE: SC_ERR_PF_RING_RECV(31)] - pfring_recv error  -1
> [13393] 3/8/2011 -- 16:25:25 - (source-pfring.c:332) <Info>
> (ReceivePfringThreadExitStats) -- (ReceivePfring) Packets 0, bytes 0
> [13393] 3/8/2011 -- 16:25:25 - (source-pfring.c:336) <Info>
> (ReceivePfringThreadExitStats) -- (ReceivePfring) Pfring Total:0 Recv:0
> Drop:0 (nan%).
> [13354] 3/8/2011 -- 16:25:25 - (tm-threads.c:1400) <Info>
> (TmThreadRestartThread) -- thread "ReceivePfring" restarted
> [13395] 3/8/2011 -- 16:25:25 - (source-pfring.c:307) <Error>
> (ReceivePfringThreadInit) -- [ERRCODE:
> SC_ERR_PF_RING_SET_CLUSTER_FAILED(37)] - pfring_set_cluster returned -1 for
> cluster-id: 99
> [13354] 3/8/2011 -- 16:25:25 - (suricata.c:1363) <Info> (main) -- signal
> received
> [13354] 3/8/2011 -- 16:25:25 - (suricata.c:1414) <Info> (main) -- time
> elapsed 3s
> [13384] 3/8/2011 -- 16:25:25 - (flow.c:1142) <Info> (FlowManagerThread) -- 0
> new flows, 0 established flows were timed out, 0 flows in closed state
> [13354] 3/8/2011 -- 16:25:25 - (stream-tcp-reassemble.c:352) <Info>
> (StreamTcpReassembleFree) -- Max memuse of the stream reassembly engine
> 11220864 (in use 0)
> [13354] 3/8/2011 -- 16:25:25 - (stream-tcp.c:495) <Info>
> (StreamTcpFreeConfig) -- Max memuse of stream engine 4063232 (in use 0)
> [13354] 3/8/2011 -- 16:25:26 - (detect.c:3403) <Info>
> (SigAddressCleanupStage1) -- cleaning up signature grouping structure...
> complete
>
> I am running PF_RING 4.7.1 ($Revision: 4753$) and Suricata version 1.1beta2.
>
> PF_RING seems to be installed OK and I can run the pfcount program just
> fine:
>
> # cat /proc/net/pf_ring/info
> PF_RING Version     : 4.7.1 ($Revision: 4753$)
> Ring slots          : 4096
> Slot version        : 13
> Capture TX          : Yes [RX+TX]
> IP Defragment       : No
> Socket Mode         : Standard
> Transparent mode    : Yes (mode 0)
> Total rings         : 0
> Total plugins       : 0
>
>
> # ./pfcount -i eth2
> Using PF_RING v.4.7.1
> Capturing from eth2 [00:1B:78:31:F1:A4]
> # Device RX channels: 1
> # Polling threads:    1
> =========================
> Absolute Stats: [49859 pkts rcvd][0 pkts dropped]
> Total Pkts=49859/Dropped=0.0 %
> 49'859 pkts - 28'713'541 bytes
> =========================
>
> =========================
> Absolute Stats: [102158 pkts rcvd][0 pkts dropped]
> Total Pkts=102158/Dropped=0.0 %
> 102'158 pkts - 59'531'866 bytes [101'959.38 pkt/sec - 475.33 Mbit/sec]
> =========================
> Actual Stats: 52299 pkts [1'001.94 ms][52'197.37 pkt/sec]
> =========================
>
>
> Any ideas?
>
> Thanks.
>
> -David
>
>
> _______________________________________________
> Oisf-devel mailing list
> Oisf-devel at openinfosecfoundation.org
> http://lists.openinfosecfoundation.org/mailman/listinfo/oisf-devel
>
>



More information about the Oisf-devel mailing list