[Oisf-users] Fwd: Suricata IPS with 8 threads
Hariharan Thantry
thantry at gmail.com
Mon Jan 9 21:48:51 UTC 2012
It works. Both with the default MTU, and the larger MTU size.
Are there any recommended settings with cpu_affinity turned on, with
the multi-queue option?
Is there a way, for instance, to bind each hardware NIC queue to an
individual NFQUEUE queue, and then on to an individual Suricata
thread, that is then affinitized to a particular hyperthread or core?
Wouldn't it be better to have a single thread/connection doing all the
Suricata work for that connection be resident in a single thread
affinitized onto a single hyperthread for better caching performance?
Also, I notice code in the Git tree that uses IPFW in IPS mode as
well. Is that not supported anymore?
Thanks,
Hari
On Sat, Jan 7, 2012 at 12:25 AM, Victor Julien <victor at inliniac.net> wrote:
> This patch has been committed to our git tree. Please test it!
>
> Cheers,
> Victor
>
> On 01/04/2012 09:12 PM, Hariharan Thantry wrote:
>> Hi Eric,
>>
>> Thanks. Is it committed to the tree?
>> If not, can you send me the patch?
>>
>> Thanks,
>> Hari
>>
>> On Wed, Jan 4, 2012 at 1:07 AM, Eric Leblond <eric at regit.org> wrote:
>>> Hello,
>>>
>>> Le mercredi 04 janvier 2012 à 09:22 +0100, Eric Leblond a écrit :
>>>> Hello,
>>>>
>>>> Le mardi 03 janvier 2012 à 14:55 -0800, Hariharan Thantry a écrit :
>>>>> The multiqueue option in Suricata IPS (1.2beta1) seems to have issues
>>>>> when started with 8 threads (and 8 queues for iptables with the
>>>>> queue-balance option). The default of single queue works fine, but
>>>>> with --runmode worker, and no changes to config file (other than
>>>>> loading the changed rules from emerging threats), the engine doesn't
>>>>> seem to be able to forward packets. With a single queue, it works
>>>>> fine. Suricata is running on a bridged setup, with 2 dual-ported 82599
>>>>> NICs, forwarding packets between 2 independent networks. When trying
>>>>> to stop Suricata, I seem to get an error as well:
>>>>
>>>> Thanks for the report, I am able to reproduce it. I will try to fix it
>>>> ASAP.
>>>
>>> I've fixed it twice (an indirect fix and a dedicated fix, I've just made
>>> now). Victor Julien should publish a updated git containing the fixes
>>> soon.
>>>
>>> Let me know if you want access to my patches.
>>>
>>> BR,
>>> --
>>> Eric Leblond
>>>
>> _______________________________________________
>> Oisf-users mailing list
>> Oisf-users at openinfosecfoundation.org
>> http://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
>>
>
>
> --
> ---------------------------------------------
> Victor Julien
> http://www.inliniac.net/
> PGP: http://www.inliniac.net/victorjulien.asc
> ---------------------------------------------
>
> _______________________________________________
> Oisf-users mailing list
> Oisf-users at openinfosecfoundation.org
> http://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
More information about the Oisf-users
mailing list