[Oisf-users] Cant start suricata with cuda in daemon mode
stefan.egger at bit.admin.ch
stefan.egger at bit.admin.ch
Thu Dec 5 15:12:56 UTC 2013
Issue #1059 created.
Regards Stefan
-----Ursprüngliche Nachricht-----
Von: Anoop Saldanha [mailto:anoopsaldanha at gmail.com]
Gesendet: Donnerstag, 5. Dezember 2013 16:02
An: Egger Stefan BIT
Betreff: Re: [Oisf-users] Cant start suricata with cuda in daemon mode
Stefan,
Missed the daemon mode part. Haven't tried cuda + daemon mode yet.
Can you please open a bug report on
https://redmine.openinfosecfoundation.org/projects/suricata ?
On Thu, Dec 5, 2013 at 8:27 PM, <stefan.egger at bit.admin.ch> wrote:
> Hi Anoop (hope that is your firstname)
>
> Yes I can give you some extra information:
>
> - Running suricata 2.0 Beta 1
> - SDK 5.5
> - centos 6.4
>
> #build info:
> ****************************************************************************
> [root at gandalf log]# /opt/suricata2/bin/suricata --build-info
> This is Suricata version 2.0beta1 RELEASE
> Features: UNITTESTS PCAP_SET_BUFF LIBPCAP_VERSION_MAJOR=1 CUDA AF_PACKET HAVE_PACKET_FANOUT LIBCAP_NG LIBNET1.1 HAVE_HTP_URI_NORMALIZE_HOOK HAVE_NSS HAVE_LIBJANSSON PROFILING
> 64-bits, Little-endian architecture
> GCC version 4.4.7 20120313 (Red Hat 4.4.7-3), C version 199901
> __GCC_HAVE_SYNC_COMPARE_AND_SWAP_1
> __GCC_HAVE_SYNC_COMPARE_AND_SWAP_2
> __GCC_HAVE_SYNC_COMPARE_AND_SWAP_4
> __GCC_HAVE_SYNC_COMPARE_AND_SWAP_8
> __GCC_HAVE_SYNC_COMPARE_AND_SWAP_16
> L1 cache line size (CLS)=64
> compiled with LibHTP v0.5.5, linked against LibHTP v0.5.5
> Suricata Configuration:
> AF_PACKET support: yes
> PF_RING support: no
> NFQueue support: no
> IPFW support: no
> DAG enabled: no
> Napatech enabled: no
> Unix socket enabled: yes
>
> libnss support: yes
> libnspr support: yes
> libjansson support: yes
> Prelude support: no
> PCRE jit: no
> libluajit: no
> libgeoip: yes
> Non-bundled htp: no
> Old barnyard2 support: no
> CUDA enabled: yes
>
> Suricatasc install: yes
>
> Unit tests enabled: yes
> Debug output enabled: no
> Debug validation enabled: no
> Profiling enabled: yes
> Profiling locks enabled: no
>
> Generic build parameters:
> Installation prefix (--prefix): /opt/suricata2
> Configuration directory (--sysconfdir): /opt/suricata2/etc/suricata/
> Log directory (--localstatedir) : /opt/suricata2/var/log/suricata/
>
> Host: x86_64-unknown-linux-gnu
> GCC binary: gcc
> GCC Protect enabled: no
> GCC march native enabled: yes
> GCC Profile enabled: no
> [root at gandalf log]#
>
> cuda parameter from the yaml file:
> ****************************************************************************
> # Cuda configuration.
>
> cuda:
> # The "mpm" profile. On not specifying any of these parameters, the engine's
> # internal default values are used, which are same as the ones specified in
> # in the default conf file.
> mpm:
> # The minimum length required to buffer data to the gpu.
> # Anything below this is MPM'ed on the CPU.
> # Can be specified in kb, mb, gb. Just a number indicates it's in bytes.
> # A value of 0 indicates there's no limit.
> data-buffer-size-min-limit: 40
> # The maximum length for data that we would buffer to the gpu.
> # Anything over this is MPM'ed on the CPU.
> # Can be specified in kb, mb, gb. Just a number indicates it's in bytes.
> data-buffer-size-max-limit: 1500
> # The ring buffer size used by the CudaBuffer API to buffer data.
> cudabuffer-buffer-size: 500mb
> # The max chunk size that can be sent to the gpu in a single go.
> #ORIG: gpu-transfer-size: 50mb
> gpu-transfer-size: 10mb
> # The timeout limit for batching of packets in microseconds.
> batching-timeout: 2000
> # The device to use for the mpm. Currently we don't support load balancing
> # on multiple gpus. In case you have multiple devices on your system, you
> # can specify the device to use, using this conf. By default we hold 0, to
> # specify the first device cuda sees. To find out device-id associated with
> # the card(s) on the system run "suricata --list-cuda-cards".
> device-id: 0
> # No of Cuda streams used for asynchronous processing. All values > 0 are valid.
> # For this option you need a device with Compute Capability > 1.0.
> cuda-streams: 2
>
>
> Startup:
> ****************************************************************************
> 5/12/2013 -- 15:41:53 - <Info> - allocated 3670016 bytes of memory for the defrag hash... 65536 buckets of size 56
> 5/12/2013 -- 15:41:53 - <Info> - preallocated 65535 defrag trackers of size 144
> 5/12/2013 -- 15:41:53 - <Info> - defrag memory usage: 13107056 bytes, maximum: 33554432
> 5/12/2013 -- 15:41:53 - <Info> - AutoFP mode using default "Active Packets" flow load balancer
> 5/12/2013 -- 15:41:53 - <Info> - Use pid file /opt/suricata2/var/run/suricata.pid from config file.
> 5/12/2013 -- 15:41:54 - <Info> - preallocated 60000 packets. Total memory 1520640000
> 5/12/2013 -- 15:41:54 - <Info> - allocated 229376 bytes of memory for the host hash... 4096 buckets of size 56
> 5/12/2013 -- 15:41:54 - <Info> - preallocated 1000 hosts of size 120
> 5/12/2013 -- 15:41:54 - <Info> - host memory usage: 349376 bytes, maximum: 16777216
> 5/12/2013 -- 15:41:54 - <Info> - allocated 3670016 bytes of memory for the flow hash... 65536 buckets of size 56
> 5/12/2013 -- 15:41:54 - <Info> - preallocated 10000 flows of size 272
> 5/12/2013 -- 15:41:54 - <Info> - flow memory usage: 6390016 bytes, maximum: 33554432
> 5/12/2013 -- 15:41:54 - <Info> - IP reputation disabled
> 5/12/2013 -- 15:41:54 - <Info> - Added "34" classification types from the classification file
> 5/12/2013 -- 15:41:54 - <Info> - Added "12" reference types from the reference.config file
> 5/12/2013 -- 15:41:54 - <Info> - using magic-file /usr/share/file/magic
> 5/12/2013 -- 15:41:54 - <Info> - Delayed detect disabled
> 5/12/2013 -- 15:41:55 - <Info> - 38 rule files processed. 7822 rules successfully loaded, 0 rules failed
> 5/12/2013 -- 15:41:59 - <Info> - 7830 signatures processed. 567 are IP-only rules, 3444 are inspecting packet payload, 4942 inspect application layer, 72 are decoder event only
> 5/12/2013 -- 15:41:59 - <Info> - building signature grouping structure, stage 1: adding signatures to signature source addresses... complete
> 5/12/2013 -- 15:41:59 - <Info> - building signature grouping structure, stage 2: building source address list... complete
> 5/12/2013 -- 15:42:01 - <Info> - building signature grouping structure, stage 3: building destination address lists... complete
> 5/12/2013 -- 15:42:01 - <Error> - [ERRCODE: SC_ERR_CUDA_ERROR(134)] - cuCtxPushCurrent failed. Returned errocode - CUDA_ERROR_NOT_INITIALIZED
> 5/12/2013 -- 15:42:01 - <Error> - [ERRCODE: SC_ERR_FATAL(171)] - context push failed.
>
>
> cardinfo: Nvidia Quadro K4000 with 3GB RAM
> ****************************************************************************
>
> [root at gandalf log]# /opt/suricata2/bin/suricata --list-cuda-cards
> 5/12/2013 -- 15:48:41 - <Info> - This is Suricata version 2.0beta1 RELEASE
> 5/12/2013 -- 15:48:41 - <Info> - CPUs/cores online: 40
> 5/12/2013 -- 15:48:42 - <Info> - GPU Device 1: Quadro K4000, 4 Multiprocessors, 810MHz, CUDA Compute Capability 3.0
> CUDA Cards recognized by the suricata CUDA module -
> |-----------------------------------------------------------------------------|
> | Device Id | Device Name | Multi- | Clock Rate | Cuda Compute |
> | | | Processors | (MHz) | Capability |
> |-----------------------------------------------------------------------------|
> | 0 | Quadro K4000 | 4 | 810 | 3.0 |
> |-----------------------------------------------------------------------------|
> [root at gandalf log]#
>
>
> Change the Memory parameter did not solve the problem. Just keep in mind, that it's running well
> without daemon mode ...
>
> Regards Stefan
>
>
>
>
>
> -----Ursprüngliche Nachricht-----
> Von: Anoop Saldanha [mailto:anoopsaldanha at gmail.com]
> Gesendet: Donnerstag, 5. Dezember 2013 15:39
> An: Egger Stefan BIT
> Cc: oisf-users at lists.openinfosecfoundation.org
> Betreff: Re: [Oisf-users] Cant start suricata with cuda in daemon mode
>
> On Thu, Dec 5, 2013 at 6:51 PM, <stefan.egger at bit.admin.ch> wrote:
>> Hi all,
>>
>> has anyone problems starting suricata with a cuda card in daemon mode?
>> For some reason I can't start suricata. I'm running into a cude error .
>> If I start normal I don't get an error everything seem to be fine.
>>
>> 5/12/2013 -- 14:17:10 - <Info> - building signature grouping structure, stage 1: adding signatures to signature source addresses...
>> complete
>> 5/12/2013 -- 14:17:10 - <Info> - building signature grouping structure, stage 2: building source address list... complete
>> 5/12/2013 -- 14:17:11 - <Info> - building signature grouping structure, stage 3: building destination address lists... complete
>> 5/12/2013 -- 14:17:11 - <Error> - [ERRCODE: SC_ERR_CUDA_ERROR(134)] - cuCtxPushCurrent failed. Returned errocode -
>> CUDA_ERROR_NOT_INITIALIZED
>> 5/12/2013 -- 14:17:11 - <Error> - [ERRCODE: SC_ERR_FATAL(171)] - context push failed.
>>
>>
>> Any advice would be welcomed
>
> 1. Do you have any more startup logs?
> 2. Can you give me your card specs?
> 3. What is the version of cuda runtime you are using?
> 4. In the yaml file there are some cuda settings. The below parameter -
>
> # The max chunk size that can be sent to the gpu in a single go.
> gpu-transfer-size: 50mb
>
> Can you reduce the size to a smaller value(10mb) and see if that
> solves the issue?
>
> --
> -------------------------------
> Anoop Saldanha
> http://www.poona.me
> -------------------------------
--
-------------------------------
Anoop Saldanha
http://www.poona.me
-------------------------------
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 8930 bytes
Desc: not available
URL: <http://lists.openinfosecfoundation.org/pipermail/oisf-users/attachments/20131205/1e94c523/attachment-0002.bin>
More information about the Oisf-users
mailing list