[Oisf-users] Suricata with PF_RING on latest git

Victor Julien victor at inliniac.net
Thu Jul 5 13:04:29 UTC 2012


On 07/04/2012 11:17 PM, Martin Holste wrote:
> I also have to send SIGKILL to get suricata to die, or it sits
> compiling stats or something.  It's at 100% CPU (down from about 500%
> when processing packets).

Yes, there was a shutdown bug. 2 different fixes:

- Anoop fixed the issue for the most part
- I made live rule swaps optional (disabled by default), disabling the
code path that caused this

So hopefully shutdowns are good again!

Cheers,
Victor

> On Wed, Jul 4, 2012 at 3:56 PM, Edward Fjellskål
> <edwardfjellskaal at gmail.com> wrote:
>> ..
>>>> What confuses me is that "-lpthread" is already in the generated compile
>>>> flags, but somehow the order matters, at least in Ubuntu 12.04.
>>>
>>> That's weird! I will have a look. I'm currently downloading an ubuntu.
>>>
>>> People should really use af-packet instead of pf-ring ;)
>> ..
>>
>> I'm testing different stuff now, and on an old Intel dual core here,
>> I was seeing 17% packet loss using af-packet with zero copy on a
>> 60Mbit/s link that I feed with tcpreplay. I tried upping buffers,
>> but not much difference :(
>>
>> With pfring and pfring aware network driver:
>> driver: e1000e
>> version: 2.0.0.1-NAPI
>> firmware-version: 0.15-4
>>
>> I have 0% packet loss on the same amount of traffic....
>>
>> I followed:
>> https://home.regit.org/2012/02/using-af_packet-zero-copy-mode-in-suricata/
>>
>> for the afpacket (but the --runmode=worker is incorrect,
>> should be --runmode=workers - there are more such typ0s if
>> you look at --list-runmodes)
>>
>> From the testing I'm doing now, about 50% of the times I stop
>> suricata, it won't... One time it spit out some info about
>> it taking too long to shut down, and after a little while
>> killed itself!
>>
>> E
>> _______________________________________________
>> Oisf-users mailing list
>> Oisf-users at openinfosecfoundation.org
>> http://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users


-- 
---------------------------------------------
Victor Julien
http://www.inliniac.net/
PGP: http://www.inliniac.net/victorjulien.asc
---------------------------------------------





