I'm not sure, but maybe it's related to the value at " /proc/sys/net/nf_conntrack_max " or " /proc/sys/net/netfilter/nf_<div id=":2s7">conntrack_buckets "<br>You can increase this values with for example <br>
echo "123456" > /proc/sys/net/nf_conntrack_max<br>
If not, maybe you can try to search that limit value of 200 with..<br>find /proc/sys/net/ -name "*conntrack*" -exec echo {} \; -exec grep 200 {} \;<br>Anyway, 200 entries by default seems to be a low value.<br>
<br>
You may also want to enable/increase the value of max-pending-packets at suricata.yaml<br>Let us know if you find out a solution.<br><br></div><br clear="all">Best regards,<br>--<br>Pablo Rincón Crespo<br>Security researcher and developer<br>
Open Information Security Foundation ( <a href="http://www.openinfosecfoundation.org" target="_blank">http://www.openinfosecfoundation.org</a> )<br><br><br>
<br><br><div class="gmail_quote">2010/8/26 Morgan Cox <span dir="ltr"><<a href="mailto:morgancoxuk@gmail.com">morgancoxuk@gmail.com</a>></span><br><blockquote class="gmail_quote" style="margin: 0pt 0pt 0pt 0.8ex; border-left: 1px solid rgb(204, 204, 204); padding-left: 1ex;">
Hi.<br><br>I am running suricata on Ubuntu10.04.<br><br>I am getting the following messages occasionally <br><br>[ 4156.985131] nf_queue: full at 200 entries, dropping packets(s). Dropped: 1 <br>
[ 4156.985234] nf_queue: full at 200 entries, dropping packets(s). Dropped: 2 <br>[ 4156.985357] nf_queue: full at 200 entries, dropping packets(s). Dropped: 3 <br>
[ 4156.985481] nf_queue: full at 200 entries, dropping packets(s). Dropped: 4 <br>[ 4156.985603] nf_queue: full at 200 entries, dropping packets(s). Dropped: 5 <br>
[ 4156.985664] nf_queue: full at 200 entries, dropping packets(s). Dropped: 6 <br>[ 4156.985788] nf_queue: full at 200 entries, dropping packets(s). Dropped: 7 <br>
[ 4156.985910] nf_queue: full at 200 entries, dropping packets(s). Dropped: 8 <br>[ 4156.986033] nf_queue: full at 200 entries, dropping packets(s). Dropped: 9 <br>
[ 4156.986157] nf_queue: full at 200 entries, dropping packets(s). Dropped: 10 <br><br>Is there a way to increase the queue size ?<br><br>Cheers<br>
<br>_______________________________________________<br>
Oisf-users mailing list<br>
<a href="mailto:Oisf-users@openinfosecfoundation.org">Oisf-users@openinfosecfoundation.org</a><br>
<a href="http://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users" target="_blank">http://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users</a><br>
<br></blockquote></div><br>