[Oisf-users] suricata refuse to start if Failure when trying to get MTU via ioctl:19
Delta Yeh
delta.yeh at gmail.com
Wed Jan 11 02:03:58 UTC 2012
This is debian squeeze box.
I run suricata with ./suricata -c /etc/suricata/suricta.yaml -F
/etc/suricata/bpf.filter --pfring
In suricata.yaml there 2 interfaces configured, both are mirror ports.
Sometimes it will succeed to start suricta.
Here is the gdb bt output:
Program terminated with signal 11, Segmentation fault.
#0 0xb75a449b in pcap__switch_to_buffer () from /usr/lib/libpcap.so.0.8
(gdb) bt
#0 0xb75a449b in pcap__switch_to_buffer () from /usr/lib/libpcap.so.0.8
#1 0xb75a457a in pcap__scan_buffer () from /usr/lib/libpcap.so.0.8
#2 0xb75a45f7 in pcap__scan_bytes () from /usr/lib/libpcap.so.0.8
#3 0xb75a465e in pcap__scan_string () from /usr/lib/libpcap.so.0.8
#4 0xb75a468d in lex_init () from /usr/lib/libpcap.so.0.8
#5 0xb759518f in pcap_compile () from /usr/lib/libpcap.so.0.8
#6 0xb7595a0b in pcap_compile_nopcap () from /usr/lib/libpcap.so.0.8
#7 0xb7585a49 in pfring_mod_set_bpf_filter () from /usr/local/lib/libpfring.so
#8 0xb7583a90 in pfring_set_bpf_filter () from /usr/local/lib/libpfring.so
#9 0x0805f34f in ReceivePfringThreadInit (tv=0x9108f40, initdata=0x91075e0,
data=0x910901c) at source-pfring.c:343
#10 0x0812e4b5 in TmThreadsSlotPktAcqLoop (td=0x9108f40) at tm-threads.c:553
#11 0xb754d955 in start_thread () from /lib/tls/i686/cmov/libpthread.so.0
#12 0xb747fe7e in clone () from /lib/tls/i686/cmov/libc.so.6
The bpf file is
# cat /etc/suricata/bpf.filter
tcp and ((host 10.64.0.188) or (host 10.64.0.163))
2012/1/10 Luca Deri <deri at ntop.org>:
> Delta
> please cc my colleague Alfredo that is working on a similar issue with
> PF_RING/BPF
>
> Thanks Luca
>
>
> On 01/10/2012 02:03 PM, Delta Yeh wrote:
>>
>> It crashed at pfring_set_bpf_filter with libpacap v0.8, which is
>> debian squeeze stable.
>> I will try to produce a core file.
>>
>> 2012/1/5 Delta Yeh<delta.yeh at gmail.com>:
>>>
>>> Hi,
>>> OS is debian squeeze, suricata version 1.2 dev + pfring5.1
>>>
>>> I start suricata with ./suricata -c /etc/suricata/suricata.yaml --pfring
>>>
>>>
>>> The interface of pfring is a mirror port, and there is traffic.
>>>
>>> I retry several times and I succeed to start suricata only once.
>>>
>>> suricata refuse to start if the following error occured:
>>> (util-ioctl.c:85)<Info> (GetIfaceMTU) --Failure when trying to
>>> get MTU via ioctl:19
>>>
>>> This is the last line of logs printed on console.
>>>
>>> BR,
>>>
>>> DeltaY
>
>
More information about the Oisf-users
mailing list