[Oisf-users] max-pending-packets maxing out at 65,000
Victor Julien
victor at inliniac.net
Sat Dec 10 08:19:17 UTC 2011
On 12/10/2011 07:35 AM, Josh White wrote:
> I appear to be hitting a ceiling of 65,000 packets when setting
> max-pending-packets. If I set it to anything higher, even "66,000" Suricata
> fails to start.
>
> ---
> suricata -c /etc/suricata/suricata.yaml -i eth0
> [3037] 10/12/2011 -- 01:29:11 - (suricata.c:649) <Info> (main) -- This is
> Suricata version 1.1 (rev )
> [3037] 10/12/2011 -- 01:29:11 - (util-cpu.c:171) <Info>
> (UtilCpuPrintSummary) -- CPUs/cores online: 24
> [3037] 10/12/2011 -- 01:29:11 - (util-ioctl.c:85) <Info> (GetIfaceMTU) --
> Failure when trying to get MTU via ioctl: 19
> [3037] 10/12/2011 -- 01:29:11 - (detect-pcre.c:128) <Info>
> (DetectPcreRegister) -- Using PCRE match-limit setting of: 3500
> [3037] 10/12/2011 -- 01:29:11 - (detect-pcre.c:138) <Info>
> (DetectPcreRegister) -- Using PCRE match-limit-recursion setting of: 1500
> ---
>
> Can anyone tell me why? Is this a hard set limit?
Yeah it's a hard limit. Our packet pool is a lockless ringbuffer that
can contain USHRT_MAX, so 65535 packets.
Any reason to need more?
--
---------------------------------------------
Victor Julien
http://www.inliniac.net/
PGP: http://www.inliniac.net/victorjulien.asc
---------------------------------------------
More information about the Oisf-users
mailing list