[Oisf-users] Packets stucked in Nfqueue when running inline

Fernando Ortiz fernando.ortiz.f at gmail.com
Wed Jun 22 07:50:35 UTC 2011


2011/6/21 Dave Remien <dave.remien at gmail.com>

> That's all new enough that the old "stuck packet" problem shouldn't be
> reappearing (was a problem up until about 2.6.21 or 22).
>
> Could you try running two instances of Suricata, one on each queue, rather
> than a single instance on two queues?
>
>
I ran two instances of Suricata at a time when packets were getting stuck. I
let them run for a quarter of an hour, zero packets stuck.

Just to be sure, I load balanced traffic across 4 queues. I ran 3 instances
of Suricata:

suricata -c /etc/suricata/suricata.yaml -q1 -q2 -D
suricata -c /etc/suricata/suricata.yaml -q4 -D
suricata -c /etc/suricata/suricata.yaml -q3 -D

ips2 ~]# cat /proc/net/netfilter/nfnetlink_queue
    1   3147    37 2 65535     0     0   325684  1
    2  -4292    28 2 65535     0     0   325686  1
    3   3692     0 2 65535     0     0   112386  1
    4   3706     0 2 65535     0     0   112387  1

That was interesting.
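
A way to run the same check repeatedly, as an added example that is not part of the original post: it parses two samples of /proc/net/netfilter/nfnetlink_queue and reports the queues that hold unverdicted packets in both. The column meanings assume the nine-column layout shown above (queue number, peer port id, queue total, copy mode, copy range, queue dropped, user dropped, id sequence, trailing 1); the second sample and the function names are constructed for illustration.

```python
from typing import Dict, List, NamedTuple


class QueueStat(NamedTuple):
    queue: int          # NFQUEUE number
    peer_portid: int    # netlink port id of the listener; may be negative
    queue_total: int    # packets waiting in the queue for a verdict
    copy_mode: int
    copy_range: int
    queue_dropped: int  # dropped because the queue was full
    user_dropped: int   # dropped because they could not be sent to userspace
    id_sequence: int    # id of the last packet queued


def parse_nfqueue(text: str) -> Dict[int, QueueStat]:
    """Parse the contents of /proc/net/netfilter/nfnetlink_queue."""
    stats = {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 8:
            continue  # blank or truncated line
        try:
            stat = QueueStat(*(int(f) for f in fields[:8]))
        except ValueError:
            continue  # not a counter line
        stats[stat.queue] = stat
    return stats


def persistent_backlog(first: Dict[int, QueueStat],
                       second: Dict[int, QueueStat]) -> List[int]:
    """Queues with packets waiting in both samples."""
    return sorted(q for q, s in first.items()
                  if s.queue_total > 0
                  and q in second and second[q].queue_total > 0)


# First sample: the output quoted in the message above.
SAMPLE_1 = """\
    1   3147    37 2 65535     0     0   325684  1
    2  -4292    28 2 65535     0     0   325686  1
    3   3692     0 2 65535     0     0   112386  1
    4   3706     0 2 65535     0     0   112387  1
"""
# Second sample: constructed for this example, not from the original post.
SAMPLE_2 = """\
    1   3147    37 2 65535     0     0   325990  1
    2  -4292     0 2 65535     0     0   325991  1
    3   3692     0 2 65535     0     0   112650  1
    4   3706     0 2 65535     0     0   112652  1
"""

if __name__ == "__main__":
    print(persistent_backlog(parse_nfqueue(SAMPLE_1), parse_nfqueue(SAMPLE_2)))
```

On a live system, read the proc file twice a few seconds apart instead of using the embedded samples.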