[Oisf-users] Suricata with PF_RING on latest git

Eric Leblond eric at regit.org
Wed Jul 4 21:31:32 UTC 2012 

Hello,

Le mercredi 04 juillet 2012 à 16:17 -0500, Martin Holste a écrit :
> I also have to send SIGKILL to get suricata to die, or it sits
> compiling stats or something.  It's at 100% CPU (down from about 500%
> when processing packets).

Thanks for feedback! but sorry for the issue :/ Is it possible to have a
backtrace ?

BR,

> 
> On Wed, Jul 4, 2012 at 3:56 PM, Edward Fjellskål
> <edwardfjellskaal at gmail.com> wrote:
> > ..
> >>> What confuses me is that "-lpthread" is already in the generated compile
> >>> flags, but somehow the order matters, at least in Ubuntu 12.04.
> >>
> >> That's weird! I will have a look. I'm currently downloading an ubuntu.
> >>
> >> People should really use af-packet instead of pf-ring ;)
> > ..
> >
> > Im testing different stuff now, and on an old Intel dual core here,
> > I was seeing 17% packetloss using af-packet with zero copy on a
> > 60Mbit/s link that I feed with tcpreplay. I tried upping buffers,
> > but not much difference :(
> >
> > With pfring and pfring aware network driver:
> > driver: e1000e
> > version: 2.0.0.1-NAPI
> > firmware-version: 0.15-4
> >
> > I have 0% packetloss on the same amount of traffic....
> >
> > I followed:
> > https://home.regit.org/2012/02/using-af_packet-zero-copy-mode-in-suricata/
> >
> > for the afpacket ( but the --runmode=worker is incorrect,
> > should be --runmode=workers - there are more such typ0s if
> > you look at --list-runmodes)
> >
> > >From the testing Im doing now, about 50% of the times I stop
> > suricata, it wont... One time it spit out some info about
> > it taking too long to shut down, and after a little while
> > killed itself!
> >
> > E
> > _______________________________________________
> > Oisf-users mailing list
> > Oisf-users at openinfosecfoundation.org
> > http://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
> _______________________________________________
> Oisf-users mailing list
> Oisf-users at openinfosecfoundation.org
> http://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users

-- 
Eric Leblond 
Blog: http://home.regit.org/ - Portfolio: http://regit.500px.com/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: This is a digitally signed message part
URL: <http://lists.openinfosecfoundation.org/pipermail/oisf-users/attachments/20120704/4129e54a/attachment.sig>

More information about the Oisf-users mailing list