[Oisf-devel] Fwd: Incorrect packet stats in pcap and pf_ring capture modes

m1234dm1234n1234 . brainbug123 at gmail.com
Wed Oct 12 15:33:03 UTC 2016


On Mon, Oct 3, 2016 at 10:31 AM, Peter Manev <petermanev at gmail.com> wrote:

>
> I had a discussion with a number of ppl with regards to the above.
> It seems there could be a few dependencies and variations of the
> calculations in general (not just suricata) - depending on kernel
> version (for pcap specifically) and some more depending on Intel
> driver versions (possibly affecting capture modes like netmap and
> pfring).
>
> When talking to Jason about it - I think a sane good idea came up - we
> should document that (as a first step) and decide how we should handle
> that - supporting every variation or making sure it is documented.
>
> Can you please open a support ticket I guess? Since I believe this
> needs more investigation.
>
>

Sorry, have been busy lately. I opened a bug report, so let's start from
there.

In correlation with Intel NIC drivers, try to look beyond them, since I
used vmxnet3 drivers, but they probably have problems, too.
This presentation explains it perfectly:

https://vimeo.com/173610178

As always, I'm here to help with everything I can.

P.S. Makes you wonder about this statistics gathering, if they are wrong,
and some decisions are based on those false stats. :)

Marko