[Oisf-users] suricata refuse to start if Failure when trying to get MTU via ioctl:19

Luca Deri deri at ntop.org
Wed Jan 11 12:41:19 EST 2012


Delta
honestly we are a bit busy, so rebuilding your environment takes a bit of time we don;t have. At the same time we're willing to fix this issue. THus I kindly ask you to provide us a login via ssh to your box where we can reproduce the bug.

Thanks Luca and Alfredo

On Jan 11, 2012, at 3:03 AM, Delta Yeh wrote:

> This is debian squeeze box.
> I run suricata with  ./suricata -c /etc/suricata/suricta.yaml -F
> /etc/suricata/bpf.filter --pfring
> In suricata.yaml there 2 interfaces configured, both are mirror ports.
> Sometimes it will succeed to start suricta.
> 
> Here is the gdb bt output:
> 
> Program terminated with signal 11, Segmentation fault.
> #0  0xb75a449b in pcap__switch_to_buffer () from /usr/lib/libpcap.so.0.8
> (gdb) bt
> #0  0xb75a449b in pcap__switch_to_buffer () from /usr/lib/libpcap.so.0.8
> #1  0xb75a457a in pcap__scan_buffer () from /usr/lib/libpcap.so.0.8
> #2  0xb75a45f7 in pcap__scan_bytes () from /usr/lib/libpcap.so.0.8
> #3  0xb75a465e in pcap__scan_string () from /usr/lib/libpcap.so.0.8
> #4  0xb75a468d in lex_init () from /usr/lib/libpcap.so.0.8
> #5  0xb759518f in pcap_compile () from /usr/lib/libpcap.so.0.8
> #6  0xb7595a0b in pcap_compile_nopcap () from /usr/lib/libpcap.so.0.8
> #7  0xb7585a49 in pfring_mod_set_bpf_filter () from /usr/local/lib/libpfring.so
> #8  0xb7583a90 in pfring_set_bpf_filter () from /usr/local/lib/libpfring.so
> #9  0x0805f34f in ReceivePfringThreadInit (tv=0x9108f40, initdata=0x91075e0,
>    data=0x910901c) at source-pfring.c:343
> #10 0x0812e4b5 in TmThreadsSlotPktAcqLoop (td=0x9108f40) at tm-threads.c:553
> #11 0xb754d955 in start_thread () from /lib/tls/i686/cmov/libpthread.so.0
> #12 0xb747fe7e in clone () from /lib/tls/i686/cmov/libc.so.6
> 
> 
> The bpf file is
> # cat /etc/suricata/bpf.filter
> tcp and ((host 10.64.0.188) or (host 10.64.0.163))
> 
> 
> 
> 2012/1/10 Luca Deri <deri at ntop.org>:
>> Delta
>> please cc my colleague Alfredo that is working on a similar issue with
>> PF_RING/BPF
>> 
>> Thanks Luca
>> 
>> 
>> On 01/10/2012 02:03 PM, Delta Yeh wrote:
>>> 
>>> It crashed at pfring_set_bpf_filter  with libpacap  v0.8, which is
>>> debian squeeze stable.
>>> I will try to produce a core file.
>>> 
>>> 2012/1/5 Delta Yeh<delta.yeh at gmail.com>:
>>>> 
>>>> Hi,
>>>> OS is debian squeeze, suricata version 1.2 dev + pfring5.1
>>>> 
>>>> I start suricata with ./suricata -c /etc/suricata/suricata.yaml  --pfring
>>>> 
>>>> 
>>>> The interface  of pfring is a mirror port, and there is traffic.
>>>> 
>>>> I retry several times and I succeed to start suricata only once.
>>>> 
>>>> suricata refuse to start if the following error occured:
>>>>    (util-ioctl.c:85)<Info>  (GetIfaceMTU) --Failure when trying to
>>>> get MTU via ioctl:19
>>>> 
>>>> This is the last line of logs printed on console.
>>>> 
>>>> BR,
>>>> 
>>>> DeltaY
>> 
>> 



More information about the Oisf-users mailing list