<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=utf-8">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<p>Hi <br>
</p>
<p>I'm working on suricata with netmap. <br>
</p>
<p>I builded suricata 4.0.3 with netmap on centos 7(kernel 3.10.xx).<br>
<br>
I disabled rx/tx and lro/gro<br>
</p>
<p>ethtool -K ens15f0 lro off gro off<br>
ethtool -K ens15f1 lro off gro off<br>
<br>
ethtool -A ens15f0 rx off tx off<br>
ethtool -A ens15f1 rx off tx off<br>
</p>
<p>Traffic does not forward when I start suricata.<br>
</p>
<p>From 10.1.8.2 icmp_seq=18 Destination Host Unreachable<br>
From 10.1.8.2 icmp_seq=19 Destination Host Unreachable<br>
</p>
<p>Any idea? Thank you for your help.<br>
</p>
<p><b>my suricata config</b><br>
</p>
<p>netmap:<br>
- inteface: default<br>
</p>
<p> - interface: ens15f0<br>
copy-iface: ens15f1<br>
copy-mode: ips<br>
disable-promisc: no<br>
checksum-checks: auto<br>
threads: auto</p>
<p> - interface: ens15f1<br>
copy-iface: ens15f0<br>
copy-mode: ips<br>
disable-promisc: no<br>
checksum-checks: auto<br>
threads: auto</p>
<p><b>Kenel Modules</b><br>
</p>
<p>[root@centos7 ~]# lsmod | grep netmap<br>
netmap 154288 2 igb,ixgbe<br>
<br>
</p>
<p><b>Build INFO</b><br>
[root@centos7 ~]# suricata --build-info<br>
This is Suricata version 4.0.3 RELEASE<br>
Features: NFQ PCAP_SET_BUFF AF_PACKET NETMAP HAVE_PACKET_FANOUT
LIBCAP_NG LIBNET1.1 HAVE_HTP_URI_NORMALIZE_HOOK PCRE_JIT HAVE_NSS
HAVE_LUA HAVE_LIBJANSSON TLS MAGIC <br>
SIMD support: none<br>
Atomic intrisics: 1 2 4 8 byte(s)<br>
64-bits, Little-endian architecture<br>
GCC version 4.8.5 20150623 (Red Hat 4.8.5-16), C version 199901<br>
compiled with _FORTIFY_SOURCE=2<br>
L1 cache line size (CLS)=64<br>
thread local storage method: __thread<br>
compiled with LibHTP v0.5.25, linked against LibHTP v0.5.25<br>
<br>
Suricata Configuration:<br>
AF_PACKET support: yes<br>
PF_RING support: no<br>
NFQueue support: yes<br>
NFLOG support: yes<br>
IPFW support: no<br>
Netmap support: yes<br>
DAG enabled: no<br>
Napatech enabled: no<br>
<br>
Unix socket enabled: yes<br>
Detection enabled: yes<br>
<br>
Libmagic support: yes<br>
libnss support: yes<br>
libnspr support: yes<br>
libjansson support: yes<br>
hiredis support: yes<br>
hiredis async with libevent: yes<br>
Prelude support: yes<br>
PCRE jit: yes<br>
LUA support: yes<br>
libluajit: no<br>
libgeoip: yes<br>
Non-bundled htp: no<br>
Old barnyard2 support: no<br>
CUDA enabled: no<br>
Hyperscan support: no<br>
Libnet support: yes<br>
<br>
Rust support (experimental): no<br>
Experimental Rust parsers: no<br>
Rust strict mode: no<br>
<br>
Suricatasc install: yes<br>
<br>
Profiling enabled: no<br>
Profiling locks enabled: no<br>
<br>
Development settings:<br>
Coccinelle / spatch: no<br>
Unit tests enabled: no<br>
Debug output enabled: no<br>
Debug validation enabled: no<br>
<br>
Generic build parameters:<br>
Installation prefix: /usr<br>
Configuration directory: /etc/suricata/<br>
Log directory: /var/log/suricata/<br>
<br>
--prefix /usr<br>
--sysconfdir /etc<br>
--localstatedir /var<br>
<br>
Host: x86_64-redhat-linux-gnu<br>
Compiler: gcc -std=gnu99 (exec
name) / gcc (real)<br>
GCC Protect enabled: yes<br>
GCC march native enabled: no<br>
GCC Profile enabled: no<br>
Position Independent Executable enabled: yes<br>
CFLAGS -O2 -g -pipe -Wall
-Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong
--param=ssp-buffer-size=4 -grecord-gcc-switches -m64
-mtune=generic<br>
PCAP_CFLAGS <br>
SECCFLAGS -fstack-protector
-D_FORTIFY_SOURCE=2 -Wformat -Wformat-security<br>
<br>
</p>
<pre class="moz-signature" cols="72">--
Fatih USTA</pre>
</body>
</html>