[Oisf-users] FW: Warning in AF-Packet IPS Mode
Leonard Jacobs
ljacobs at netsecuris.com
Wed Mar 27 11:17:38 UTC 2013
From: Leonard Jacobs [mailto:ljacobs at netsecuris.com]
Sent: Wednesday, March 27, 2013 6:17 AM
To: 'Eric Leblond'
Cc: 'oisf-team at openinfosecfoundation.org'
Subject: RE: Warning in AF-Packet IPS Mode
Thanks. So would more threads set in AF-Packet help with this too?
I only have one thread set on each interface in af-packet configuration within suricata.yaml. I notice when Suricata initializes that it says something like either 14 or 18 processing threads initialized and 3 management threads. Something like this. Is it specifying af-packet processing or just Suricata packet processing? I am using a quad-core i7 processor, which has 8 threads in it.
From: Eric Leblond [mailto:eric.leblond at gmail.com]
Sent: Wednesday, March 27, 2013 2:59 AM
To: Leonard Jacobs
Subject: Re: Warning in AF-Packet IPS Mode
Hi,
A packet can't be sent on an interface because it is too long.
Is defrag set to yes in af-packet configuration? If yes, can you try with no?
BR,
On Wed, Mar 27, 2013 at 1:57 AM, Leonard Jacobs <ljacobs at netsecuris.com> wrote:
What do the following warnings mean?
<Warning> - [ERRCODE: SC_ERR_SOCKET(200)] - Sending packet failed on socket 8: Message too long
<Warning> - [ERRCODE: SC_ERR_INVALID_ACTION(142)] - Unable to release packet data
I am using 1 thread in AF-Packet. My kernel is 3.2.0-23-generic.
Leonard Jacobs
President/CEO
Netsecuris Inc.
9301 Bryant Avenue S
Suite 104
Minneapolis, MN 55420
(952) 641-1421 ext. 20
http://www.netsecuris.com
--
Eric Leblond : eric.leblond at gmail.com
Blog: http://home.regit.org | Portfolio: http://regit.500px.com/
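
The af-packet change suggested in the thread above, shown as an added suricata.yaml sketch that is not taken from either poster's configuration. The interface names eth0/eth1 and the cluster-id values are assumptions; the keys are the standard af-packet options for a two-interface IPS pair.

```yaml
# Added illustration, not from the thread: AF_PACKET IPS pair bridging two
# interfaces. eth0/eth1 and the cluster-id values are assumed placeholders.
af-packet:
  - interface: eth0
    threads: 1                  # one thread per interface, as described in the thread
    cluster-id: 98
    cluster-type: cluster_flow
    # With defrag: yes the kernel reassembles IP fragments before Suricata
    # receives them. In copy-mode ips the received packet is written to
    # copy-iface, so a reassembled packet can be longer than that interface
    # will send ("Message too long"). Setting it to no is the test proposed
    # in the reply.
    defrag: no
    copy-mode: ips
    copy-iface: eth1
  - interface: eth1
    threads: 1                  # keep equal to the peer interface
    cluster-id: 97              # distinct from the peer's cluster-id
    cluster-type: cluster_flow
    defrag: no
    copy-mode: ips
    copy-iface: eth0
```

After restarting Suricata with this setting, check the log for further `SC_ERR_SOCKET(200)` warnings to see whether the change had an effect.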