[Oisf-users] Suricata with PF_RING on latest git
Edward Fjellskål
edwardfjellskaal at gmail.com
Thu Jul 5 17:40:51 EDT 2012
On 07/05/2012 10:48 PM, Eric Leblond wrote:
> Hello,
>
> Le jeudi 05 juillet 2012 à 22:04 +0200, Edward Fjellskål a écrit :
>> On 07/05/2012 03:02 PM, Victor Julien wrote:
>>> On 07/04/2012 10:56 PM, Edward Fjellskål wrote:
>>>> From the testing I'm doing now, about 50% of the times I stop
>>>> suricata, it won't... One time it spit out some info about it
>>>> taking too long to shut down, and after a little while killed
>>>> itself!
>>>
>>> This should be fixed in the current master.
> ...
>> Ubuntu 12.04 with PF_RING v.5.4.4 from git yesterday.
>>
>> Things were working better with yesterday's suricata from git :)
>
> I've rebuilt on my VM and run some tests but I did not manage to
> reproduce it :/
>
> Do you have something in stats.log ? Does suricata detect if you
> enter a CTRL+C ?
>
> BR,
>
CTRL+C has no effect.
I let it hang for a good while:
[24224] 5/7/2012 -- 22:03:57 - (tm-threads.c:1991) <Info> (TmThreadWaitOnThreadInit) -- all 2 packet processing threads, 3 management threads initialized, engine started.
^C[24224] 5/7/2012 -- 22:04:20 - (suricata.c:1837) <Info> (main) -- stopping engine, waiting for outstanding packets
[24224] 5/7/2012 -- 22:06:20 - (suricata.c:1860) <Error> (main) -- [ERRCODE: SC_ERR_SHUTDOWN(193)] - shutdown taking too long, likely a bug! (1022 != 1024).
[24224] 5/7/2012 -- 22:06:20 - (suricata.c:1872) <Info> (main) -- all packets processed by threads, stopping engine
[24227] 5/7/2012 -- 22:06:21 - (flow-manager.c:549) <Info> (FlowManagerThread) -- 0 new flows, 0 established flows were timed out, 0 flows in closed state
[24224] 5/7/2012 -- 22:07:58 - (tm-threads.c:1538) <Error> (TmThreadDisableReceiveThreads) -- [ERRCODE: SC_ERR_FATAL(176)] - Engine unable to disable receive thread - "RxPFReth11". Killing engine
The statslog spits out just zeros :(
-------------------------------------------------------------------
Date: 7/5/2012 -- 23:24:48 (uptime: 0d, 00h 01m 35s)
-------------------------------------------------------------------
Counter                   | TM Name           | Value
-------------------------------------------------------------------
flow_mgr.closed_pruned    | FlowManagerThread | 0
flow_mgr.new_pruned       | FlowManagerThread | 0
flow_mgr.est_pruned       | FlowManagerThread | 0
flow.memuse               | FlowManagerThread | 6390016
flow.spare                | FlowManagerThread | 10000
flow.emerg_mode_entered   | FlowManagerThread | 0
flow.emerg_mode_over      | FlowManagerThread | 0
decoder.pkts              | RxPFReth11        | 0
decoder.bytes             | RxPFReth11        | 0
decoder.ipv4              | RxPFReth11        | 0
decoder.ipv6              | RxPFReth11        | 0
...
...
tcpdump works fine :)
af-packet works, but not as good as yesterday either :/
Will look more on this during the weekend
E