[Oisf-users] Packets stucked in Nfqueue when running inline

Dave Remien dave.remien at gmail.com
Tue Jun 21 17:36:28 UTC 2011


That's all new enough that the old "stuck packet" problem shouldn't be
reappearing (was a problem up until about 2.6.21 or 22).

Could you try running two instances of Suricata, one on each queue, rather
than a single instance on two queues?

As a separate thing, do you have tunnels crossing the IPS that have traffic
being inspected?


On Tue, Jun 21, 2011 at 10:36 AM, Fernando Ortiz <fernando.ortiz.f at gmail.com> wrote:

> Hi Dave, Suricata is running in Arch Linux,
>
> Kernel 2.6.32-lts
> libnetfilter_queue-1.0.0-1 is up to date
> libnfnetlink-1.0.0-1
>
>
> 2011/6/21 Dave Remien <dave.remien at gmail.com>
>
>> What versions of the kernel, nfnetlink and nfnetlink_queue are you
>> running?
>>
>>
>> >Everything seems to work just fine, but when I check nfnetlink_queue, I see
>> >there are some packets in queue waiting for verdict.
>> >
>> >@ips2 ~]# cat /proc/net/netfilter/nfnetlink_queue
>> >  1  10893   *555* 2 65535     0     0 169915460  1
>> >   2  -4282   *552* 2 65535     0     0 169915475  1
>>
>>
>>
>
>


-- 
"Of course, someone who knows more about this will correct me if I'm
wrong, and someone who knows less will correct me if I'm right."
David Palmer (palmer at tybalt.caltech.edu)
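
Added example, not part of the original messages: a Python check that parses repeated reads of /proc/net/netfilter/nfnetlink_queue and reports queues whose backlog never drains to zero, which is the symptom described in the thread. The column order is an assumption taken from the kernel's nfnetlink_queue proc output; the first two rows of the first snapshot are the values quoted above, and every other row and snapshot is constructed.

```python
from collections import namedtuple

# Column order is an assumption based on the kernel's nfnetlink_queue proc output;
# the trailing ninth column is ignored.
FIELDS = ("queue", "peer_pid", "queue_total", "copy_mode", "copy_range",
          "queue_dropped", "user_dropped", "id_sequence")
QueueStat = namedtuple("QueueStat", FIELDS)

def parse_snapshot(text):
    """Parse one read of the proc file into {queue_number: QueueStat}."""
    stats = {}
    for line in text.splitlines():
        # Tolerate mail quoting ('>') and the '*' emphasis seen in the thread.
        cols = line.replace(">", " ").replace("*", " ").split()
        if len(cols) < len(FIELDS):
            continue
        try:
            row = QueueStat(*(int(c) for c in cols[:len(FIELDS)]))
        except ValueError:
            continue  # prompt, header or other non-data line
        stats[row.queue] = row
    return stats

def backlog_floor(snapshots):
    """Return {queue: lowest queue_total seen} for queues that never reached 0.

    A busy inline queue is briefly non-empty all the time; a floor that stays
    above zero across the whole sampling window means packets are sitting
    without a verdict.
    """
    floors = {}
    for snap in snapshots:
        for q, row in snap.items():
            floors[q] = min(floors.get(q, row.queue_total), row.queue_total)
    return {q: n for q, n in floors.items() if n > 0}

# Queues 1 and 2 in the first snapshot are from the thread; queue 3 and the
# two later snapshots are constructed for illustration.
SNAPSHOTS = [parse_snapshot(s) for s in (
    "  1  10893   *555* 2 65535 0 0 169915460  1\n"
    "  2  -4282   *552* 2 65535 0 0 169915475  1\n"
    "  3   7001     12  2 65535 0 0      9000  1\n",
    "  1  10893   561 2 65535 0 0 169917002  1\n"
    "  2  -4282   552 2 65535 0 0 169916990  1\n"
    "  3   7001     0 2 65535 0 0      9450  1\n",
    "  1  10893   555 2 65535 0 0 169918344  1\n"
    "  2  -4282   558 2 65535 0 0 169918310  1\n"
    "  3   7001     3 2 65535 0 0      9912  1\n",
)]

if __name__ == "__main__":
    for q, n in sorted(backlog_floor(SNAPSHOTS).items()):
        print(f"queue {q}: at least {n} packets never received a verdict")
```

On a live system, feed `parse_snapshot` the file contents read a few seconds apart while traffic is flowing.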