[Oisf-users] Packets stucked in Nfqueue when running inline
Eric Leblond
eric at regit.org
Wed Jun 22 08:00:21 UTC 2011
Hello,
On Wed, 2011-06-22 at 02:50 -0500, Fernando Ortiz wrote:
>
> 2011/6/21 Dave Remien <dave.remien at gmail.com>
> That's all new enough that the old "stuck packet" problem
> shouldn't be reappearing (was a problem up until about 2.6.21
> or 22).
>
>
> Could you try running two instances of Suricata, one on each
> queue, rather than a single instance on two queues?
>
>
>
>
> I ran two instances of Suricata at a time packets were getting
> stucked. I let them run for a quarter of hour, zero packets stucked.
>
>
> Just for be sure I load balanced traffic across 4 queues. I ran 3
> instances of Suricata
>
>
> suricata -c /etc/suricata/suricata.yaml -q1 -q2 -D
> suricata -c /etc/suricata/suricata.yaml -q4 -D
> suricata -c /etc/suricata/suricata.yaml -q3 -D
>
>
> ips2 ~]# cat /proc/net/netfilter/nfnetlink_queue
> 1 3147 37 2 65535 0 0 325684 1
> 2 -4292 28 2 65535 0 0 325686 1
> 3 3692 0 2 65535 0 0 112386 1
> 4 3706 0 2 65535 0 0 112387 1
>
>
> That was interesting.
Great test! Looks like the two threads are not coexisting peacefully. I
will try to have a look ASAP.
BR,
--
Eric Leblond
Blog: http://home.regit.org/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: This is a digitally signed message part
URL: <http://lists.openinfosecfoundation.org/pipermail/oisf-users/attachments/20110622/ac6080c8/attachment.sig>
More information about the Oisf-users
mailing list