[Oisf-users] Suricata at > 2Gb

[Peter Bates]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


Hello all

Following pointers to
https://home.regit.org/2012/07/suricata-to-10gbps-and-beyond/

I have my Suricata (1.3.1) configured fairly identically -
but I've increased 'af-packet: threads' to 32
as I have 32 CPU threads (2 x 8C CPUs, 64Gb RAM).

I have the ixgbe although I haven't configured it for RSS=8
or updated the driver to accept FdirPballoc as I've been using the
PF_RING driver to test.

I'm not running irqbalance as I used the set_irq_affinity script to
set up irq affinity - but I guess that might be part of my problem?

Running things up I'm still dropping packets (example from stats:

capture.kernel_packets    | AFPacketeth13             | 29355232
capture.kernel_drops      | AFPacketeth13             | 183400
capture.kernel_packets    | AFPacketeth113            | 21582588
capture.kernel_drops      | AFPacketeth113            | 70033

I also noted that when setting user and group with --user/--group
there are errors like:
3/9/2012 -- 11:37:21 - <Error> - [ERRCODE:
SC_ERR_THREAD_NICE_PRIO(47)] - Error setting nice value for thread
AFPacketeth132: Operation not permitted

I'd rather not run as root however.

- -- 
Peter Bates
Senior Computer Security Officer    Phone: +44(0)2076792049
Information Services Division	    Internal Ext: 32049
University College London
London WC1E 6BT
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.17 (MingW32)
Comment: Using GnuPG with Mozilla - http://www.enigmail.net/

iQEcBAEBAgAGBQJQRIiYAAoJELhVoVpEMS6RoCcH/0wwVj/dz5nluHOj2o6vMD+I
D3T41oLkaiINzGKfam2QCpv9VMItaShm/F3xm5KlxtbeLtuZfr7G9/n7weaMjKSt
OqH2xoQOTEZy21/3b1ns0wCVr6yr0xbh0GhBcb4Co/4g8fc7uGLiZhLg35lDpV9i
rFIErJrKjwREkrrQLmtu9D39RtolzgA1PVsaNjJbq3syzQp1ptBAT39cOQnKpaSn
WKVfe6eHcQOYqMKPOnLWLYrT0/iCGbT3QTCfLduP2pHlWSswGH7aD5TlUxpwmqCo
YKFGefokXvctZslxA5Odx9IBzb7Ru/C6UEp6I5tb+7V0BzF3q/BSesCTnfma2rQ=
=Uj0B
-----END PGP SIGNATURE-----