[Oisf-users] Suricata 2.0 dev, 100% cpu utilization in AF_PACKET + workers mode?
Peter Manev
petermanev at gmail.com
Wed Jul 10 06:46:33 UTC 2013
>> Something similar happened to our testing machine but htere we fixed
>> it with loading the latest kernel drivers for the network card and
>> doing a
>> " /etc/init.d/irqbalance restart "
>> and load balancing the UDP flow again -
>> "
>> ethtool -n eth3 rx-flow-hash udp4
>> ethtool -g eth3
>> cat /proc/interrupts
>> "
>> on Ubuntu LTS - 3.2 kernel
>
> Question along those lines, what do the suricata devs feel about the
> various NIC offloading features re: interaction with suricata?
These, I think should be OFF in general. Suricata must be able to see
the traffic as it is.
Again , if I may, irqbalance and udp balancing are very important.
>
> See: >
> http://securityonion.blogspot.com/2011/10/when-is-full-packet-capture-not-full.html
>
> I had these features disabled as per this article; but I've re-enabled
> them for testing.
>
> - -Coop
>
--
Regards,
Peter Manev
More information about the Oisf-users
mailing list