I&#39;m not sure, but maybe it&#39;s related to the value at &quot; /proc/sys/net/nf_conntrack_max &quot; or &quot; /proc/sys/net/netfilter/nf_<div id=":2s7">conntrack_buckets &quot;<br>You can increase this values with for example <br>

echo &quot;123456&quot; &gt; /proc/sys/net/nf_conntrack_max<br>
If not, maybe you can try to search that limit value of 200 with..<br>find /proc/sys/net/ -name &quot;*conntrack*&quot; -exec echo {} \; -exec grep 200 {} \;<br>Anyway, 200 entries by default seems to be a low value.<br>

<br>
You may also want to enable/increase the value of max-pending-packets at suricata.yaml<br>Let us know if you find out a solution.<br><br></div><br clear="all">Best regards,<br>--<br>Pablo Rincón Crespo<br>Security researcher and developer<br>

 Open Information Security Foundation ( <a href="http://www.openinfosecfoundation.org" target="_blank">http://www.openinfosecfoundation.org</a> )<br><br><br>
<br><br><div class="gmail_quote">2010/8/26 Morgan Cox <span dir="ltr">&lt;<a href="mailto:morgancoxuk@gmail.com">morgancoxuk@gmail.com</a>&gt;</span><br><blockquote class="gmail_quote" style="margin: 0pt 0pt 0pt 0.8ex; border-left: 1px solid rgb(204, 204, 204); padding-left: 1ex;">

Hi.<br><br>I am running suricata on Ubuntu10.04.<br><br>I am getting the following messages occasionally <br><br>[ 4156.985131] nf_queue: full at 200 entries, dropping packets(s). Dropped: 1                                                                                                       <br>



[ 4156.985234] nf_queue: full at 200 entries, dropping packets(s). Dropped: 2                                                                                                       <br>[ 4156.985357] nf_queue: full at 200 entries, dropping packets(s). Dropped: 3                                                                                                       <br>



[ 4156.985481] nf_queue: full at 200 entries, dropping packets(s). Dropped: 4                                                                                                       <br>[ 4156.985603] nf_queue: full at 200 entries, dropping packets(s). Dropped: 5                                                                                                       <br>



[ 4156.985664] nf_queue: full at 200 entries, dropping packets(s). Dropped: 6                                                                                                       <br>[ 4156.985788] nf_queue: full at 200 entries, dropping packets(s). Dropped: 7                                                                                                       <br>



[ 4156.985910] nf_queue: full at 200 entries, dropping packets(s). Dropped: 8                                                                                                       <br>[ 4156.986033] nf_queue: full at 200 entries, dropping packets(s). Dropped: 9                                                                                                       <br>



[ 4156.986157] nf_queue: full at 200 entries, dropping packets(s). Dropped: 10    <br><br>Is there a way to increase the queue size ?<br><br>Cheers<br>
<br>_______________________________________________<br>
Oisf-users mailing list<br>
<a href="mailto:Oisf-users@openinfosecfoundation.org">Oisf-users@openinfosecfoundation.org</a><br>
<a href="http://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users" target="_blank">http://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users</a><br>
<br></blockquote></div><br>