[Oisf-users] Suricata with PF_RING on latest git

Edward Fjellskål edwardfjellskaal at gmail.com
Thu Jul 5 21:40:51 UTC 2012


On 07/05/2012 10:48 PM, Eric Leblond wrote:
> Hello,
> 
> On Thursday, 5 July 2012 at 22:04 +0200, Edward Fjellskål wrote:
>> On 07/05/2012 03:02 PM, Victor Julien wrote:
>>> On 07/04/2012 10:56 PM, Edward Fjellskål wrote:
>>>> From the testing I'm doing now, about 50% of the times I stop
>>>> suricata, it won't... One time it spit out some info about it
>>>> taking too long to shut down, and after a little while killed
>>>> itself!
>>> 
>>> This should be fixed in the current master.
> ...
>> Ubuntu 12.04 with PF_RING v.5.4.4 from git yesterday.
>> 
>> Things were working better with yesterday's suricata from git :)
> 
> I've rebuilt on my VM and run some tests but I did not manage to 
> reproduce it :/
> 
> Do you have something in stats.log ? Does suricata detect if you
> enter a CTRL+C ?
> 
> BR,
> 


CTRL+C has no effect.

I let it hang for a good while:
[24224] 5/7/2012 -- 22:03:57 - (tm-threads.c:1991) <Info>
(TmThreadWaitOnThreadInit) -- all 2 packet processing threads, 3
management threads initialized, engine started.
^C[24224] 5/7/2012 -- 22:04:20 - (suricata.c:1837) <Info> (main) --
stopping engine, waiting for outstanding packets
[24224] 5/7/2012 -- 22:06:20 - (suricata.c:1860) <Error> (main) --
[ERRCODE: SC_ERR_SHUTDOWN(193)] - shutdown taking too long, likely a
bug! (1022 != 1024).
[24224] 5/7/2012 -- 22:06:20 - (suricata.c:1872) <Info> (main) -- all
packets processed by threads, stopping engine
[24227] 5/7/2012 -- 22:06:21 - (flow-manager.c:549) <Info>
(FlowManagerThread) -- 0 new flows, 0 established flows were timed
out, 0 flows in closed state
[24224] 5/7/2012 -- 22:07:58 - (tm-threads.c:1538) <Error>
(TmThreadDisableReceiveThreads) -- [ERRCODE: SC_ERR_FATAL(176)] -
Engine unable to disable receive thread - "RxPFReth11".  Killing engine



The statslog spits out just zeros :(

-------------------------------------------------------------------
Date: 7/5/2012 -- 23:24:48 (uptime: 0d, 00h 01m 35s)
-------------------------------------------------------------------
Counter                   | TM Name                   | Value
-------------------------------------------------------------------
flow_mgr.closed_pruned    | FlowManagerThread         | 0
flow_mgr.new_pruned       | FlowManagerThread         | 0
flow_mgr.est_pruned       | FlowManagerThread         | 0
flow.memuse               | FlowManagerThread         | 6390016
flow.spare                | FlowManagerThread         | 10000
flow.emerg_mode_entered   | FlowManagerThread         | 0
flow.emerg_mode_over      | FlowManagerThread         | 0
decoder.pkts              | RxPFReth11                | 0
decoder.bytes             | RxPFReth11                | 0
decoder.ipv4              | RxPFReth11                | 0
decoder.ipv6              | RxPFReth11                | 0
...
...

tcpdump works fine :)


af-packet works, but not as good as yesterday either :/
Will look more into this during the weekend

E


