[Oisf-users] Suricata with PF_RING on latest git

Martin Holste mcholste at gmail.com
Wed Jul 4 21:17:22 UTC 2012


I also have to send SIGKILL to get suricata to die, or it sits
compiling stats or something.  It's at 100% CPU (down from about 500%
when processing packets).

On Wed, Jul 4, 2012 at 3:56 PM, Edward Fjellskål
<edwardfjellskaal at gmail.com> wrote:
> ..
>>> What confuses me is that "-lpthread" is already in the generated compile
>>> flags, but somehow the order matters, at least in Ubuntu 12.04.
>>
>> That's weird! I will have a look. I'm currently downloading an ubuntu.
>>
>> People should really use af-packet instead of pf-ring ;)
> ..
>
> I'm testing different stuff now, and on an old Intel dual core here,
> I was seeing 17% packet loss using af-packet with zero copy on a
> 60Mbit/s link that I feed with tcpreplay. I tried upping buffers,
> but not much difference :(
>
> With pfring and pfring aware network driver:
> driver: e1000e
> version: 2.0.0.1-NAPI
> firmware-version: 0.15-4
>
> I have 0% packet loss on the same amount of traffic....
>
> I followed:
> https://home.regit.org/2012/02/using-af_packet-zero-copy-mode-in-suricata/
>
> for the afpacket (but the --runmode=worker is incorrect,
> should be --runmode=workers - there are more such typ0s if
> you look at --list-runmodes)
>
> From the testing I'm doing now, about 50% of the times I stop
> suricata, it won't... One time it spit out some info about
> it taking too long to shut down, and after a little while
> killed itself!
>
> E