[Oisf-users] Suricata 2.0 dev, 100% cpu utilization in AF_PACKET + workers mode?

Cooper F. Nelson cnelson at ucsd.edu
Thu Jul 11 00:54:50 EDT 2013



Well, I'm glad you suggested that as I've just tried it and it has
dramatically improved my performance. As I mentioned we have a very high
amount of traffic on port 53 and not all of it is actually DNS!  If you
have a better managed network you might not encounter this issue.

Additionally, I'm still trying to get the file extraction by magic
number feature to work.  I think the issue is that suricata is expecting
the 4-series libmagic/magic.mgc that ships with the file utility and
the current one on my system is 5-series.  Could I request that you add
5-series libmagic support to suricata?

-Coop

On 7/10/2013 8:25 PM, Anoop Saldanha wrote:
> Cooper,
> 
> It would be nicer if you can still run the master.  Helps us test the
> master in general, and either way the master has much better
> performance than 1.4.x.
> 
> You can manually disable the dns parser for now by commenting out
> these 2 lines -
> 
> diff --git a/src/app-layer-parser.c b/src/app-layer-parser.c
> index 41a899d..361bae6 100644
> --- a/src/app-layer-parser.c
> +++ b/src/app-layer-parser.c
> @@ -1342,8 +1342,8 @@ void RegisterAppLayerParsers(void)
>      RegisterFTPParsers();
>      RegisterSSHParsers();
>      RegisterSMTPParsers();
> -    RegisterDNSUDPParsers();
> -    RegisterDNSTCPParsers();
> +    //RegisterDNSUDPParsers();
> +    //RegisterDNSTCPParsers();
> 
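
Review bot: the two calls commented out with // at the end of the hunk (RegisterDNSUDPParsers and RegisterDNSTCPParsers) switch DNS parsing off unconditionally at build time and carry no note of why. For a local workaround, add a comment naming the port 53 load problem, or wrap the two calls in a clearly labelled #if 0 block, so the change is easy to find and revert. With both registrations gone no DNS app-layer parser is registered at all, so anything that relies on DNS parsing gets nothing until they are restored. The hunk header also declares 8 lines on each side while only 5 are quoted, so the trailing context is missing and the patch as shown has to be applied by hand.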


-- 
Cooper Nelson
Network Security Analyst
UCSD ACT Security Team
cnelson at ucsd.edu x41042

