[Oisf-users] Suricata 2.0 dev, 100% cpu utilization in AF_PACKET + workers mode?

Leonard Jacobs ljacobs at netsecuris.com
Mon Jul 8 23:37:14 UTC 2013


I believe that there is a known problem before kernel 3.5 in Linux.

-----Original Message-----
From: oisf-users-bounces at openinfosecfoundation.org [mailto:oisf-users-bounces at openinfosecfoundation.org] On Behalf Of Cooper F. Nelson
Sent: Monday, July 08, 2013 5:08 PM
To: oisf-users at openinfosecfoundation.org
Subject: [Oisf-users] Suricata 2.0 dev, 100% cpu utilization in AF_PACKET + workers mode?

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

See subject.  The current dev. release of suricata has an issue where threads will get stuck at 100% cpu utilization after running for some period of time and stop processing packets.  The process then needs to terminated via 'kill -9' and restarted to free up the cores.  This does not happen in the production release.

Is this a known issue?  The dev. release otherwise performs much better in our environment.

- --
Cooper Nelson
Network Security Analyst
UCSD ACT Security Team
cnelson at ucsd.edu x41042
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.17 (MingW32)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQEcBAEBAgAGBQJR2zg8AAoJEKIFRYQsa8FWI4AIAI2wblLY7I3YxAuhFiSl9uF+
cLpLBGUIpw/j8LBNg6bdWQUOhHBnDp8uoHUkA6sieMdHLsX2WBaNYQxhg2/u8kwz
47sR9WyMhbyUiMQhdkN8Sgk/IBp001xnr/iHT2aFDpZ2AOvA4zgqMMzqV9dCyKug
MswqRbBM89bNH2LBExDBcMgusy6mKM384xdb4iK6W0JdFaYRv+VESMgyipViOznm
slXR8qHkK4tM8M0ev9rQMQz4rA28+aCkDakUP5kMXcEWzvwD+drTsh5+YhEuB618
7ms0IIA0Fw9iFFqvyzx4ocuV/F8tom02VcQ+D7aCAEKugPaqy1C5sN4UqTDG28E=
=I5+g
-----END PGP SIGNATURE-----
_______________________________________________
Suricata IDS Users mailing list: oisf-users at openinfosecfoundation.org
Site: http://suricata-ids.org | Support: http://suricata-ids.org/support/
List: https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
OISF: http://www.openinfosecfoundation.org/




More information about the Oisf-users mailing list