[Oisf-users] Suricata 2.0 dev, 100% cpu utilization in AF_PACKET + workers mode?

Leonard Jacobs ljacobs at netsecuris.com
Tue Jul 9 00:19:11 UTC 2013


Ok then it is probably not the same problem.

-----Original Message-----
From: Cooper F. Nelson [mailto:cnelson at ucsd.edu] 
Sent: Monday, July 08, 2013 6:45 PM
To: Leonard Jacobs
Cc: oisf-users at openinfosecfoundation.org
Subject: Re: [Oisf-users] Suricata 2.0 dev, 100% cpu utilization in AF_PACKET + workers mode?

I'm on the latest 3.8 series kernel.  The 3.9 series kernel did not work with the Intel ixgbe driver.

-Coop

>3.8.12-gentoo #1 SMP Sat May 11 16:43:33 UTC 2013 x86_64 Intel(R) 
>Xeon(R) CPU X5560 @ 2.80GHz GenuineIntel GNU/Linux

On 7/8/2013 4:37 PM, Leonard Jacobs wrote:
> I believe that there is a known problem before kernel 3.5 in Linux.
> 
> -----Original Message-----
> From: oisf-users-bounces at openinfosecfoundation.org 
> [mailto:oisf-users-bounces at openinfosecfoundation.org] On Behalf Of 
> Cooper F. Nelson
> Sent: Monday, July 08, 2013 5:08 PM
> To: oisf-users at openinfosecfoundation.org
> Subject: [Oisf-users] Suricata 2.0 dev, 100% cpu utilization in AF_PACKET + workers mode?
> 
> See subject.  The current dev. release of suricata has an issue where threads will get stuck at 100% cpu utilization after running for some period of time and stop processing packets.  The process then needs to be terminated via 'kill -9' and restarted to free up the cores.  This does not happen in the production release.
> 
> Is this a known issue?  The dev. release otherwise performs much better in our environment.

--
Cooper Nelson
Network Security Analyst
UCSD ACT Security Team
cnelson at ucsd.edu x41042



