[Oisf-users] Packets stucked in Nfqueue when running inline
Fernando Ortiz
fernando.ortiz.f at gmail.com
Mon Jun 20 17:34:35 UTC 2011
Hello, I am running suricata 1.1beta2 (rev ) inline with this command:
suricata -c /etc/suricata/suricata.yaml -q1 -q2 -D
Everything seems to work just fine, but when I check nfnetlink_queue, I see
there are some packets in the queue waiting for a verdict.
@ips2 ~]# cat /proc/net/netfilter/nfnetlink_queue
1 10893 *555* 2 65535 0 0 169915460 1
2 -4282 *552* 2 65535 0 0 169915475 1
This happens mostly at night. Traffic is around 15 Mb/s with spikes at 20 Mb/s.
The stuck packets are few compared with the total number of packets
processed by Suricata. No problems have been reported by anyone in the network.
If I bypass Suricata (iptables -F), the packets are still there until I kill
the suricata process.
I don't believe this is a suricata issue, but I wanted to check with you
anyway. I don't know how to see which packets are stuck. And I don't know
exactly when this happens.
Any suggestions please?
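
The per-queue counters in /proc/net/netfilter/nfnetlink_queue quoted in the message can be parsed and compared across two snapshots to see whether packets are sitting without a verdict. This is an added example, not part of the original post or of Suricata; the column names follow the order the kernel prints them in, the second snapshot is constructed, and the "held" check is a heuristic assumption.

```python
from typing import NamedTuple

PROC_PATH = "/proc/net/netfilter/nfnetlink_queue"

class QueueStat(NamedTuple):
    queue: int          # NFQUEUE number (-q1, -q2 in the post)
    peer_pid: int       # netlink port id of the listening process
    waiting: int        # packets handed to userspace, no verdict yet
    copy_mode: int      # 2 = full packet copied to userspace
    copy_range: int     # max bytes copied per packet
    queue_dropped: int  # dropped by the kernel because the queue was full
    user_dropped: int   # dropped because the netlink send to userspace failed
    id_sequence: int    # id of the last packet enqueued

def parse_nfqueue(text):
    """Parse the proc file contents into {queue_number: QueueStat}."""
    stats = {}
    for line in text.splitlines():
        # The archived post wraps the waiting count in '*' (list emphasis).
        cols = line.replace("*", "").split()
        if len(cols) < 8:
            continue
        try:
            stat = QueueStat(*(int(c) for c in cols[:8]))
        except ValueError:
            continue  # skip anything that is not a counter row
        stats[stat.queue] = stat
    return stats

def held_without_verdict(before, after):
    """Heuristic: no new packet was enqueued between the two snapshots
    (id_sequence unchanged), yet packets are still waiting for a verdict."""
    held = {}
    for q, now in after.items():
        prev = before.get(q)
        if prev and now.id_sequence == prev.id_sequence and now.waiting > 0:
            held[q] = now.waiting
    return held

# First snapshot: the two rows quoted in the post.
PAGE_SAMPLE = """1 10893 *555* 2 65535 0 0 169915460 1
2 -4282 *552* 2 65535 0 0 169915475 1
"""
# Second snapshot: constructed for illustration (queue 2 drained, queue 1 idle).
LATER_SAMPLE = """1 10893 555 2 65535 0 0 169915460 1
2 -4282 0 2 65535 0 0 169916000 1
"""

if __name__ == "__main__":
    first, second = parse_nfqueue(PAGE_SAMPLE), parse_nfqueue(LATER_SAMPLE)
    print(held_without_verdict(first, second))
```

On a live system, read PROC_PATH twice a few seconds apart and pass both results to `held_without_verdict`.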