[Oisf-users] Question on combined protocols

Leonard Jacobs ljacobs at netsecuris.com
Thu May 16 01:39:20 UTC 2013

I don't see Eric's response anymore.  Are all of these messages archived someplace?

I remember seeing something on checking MTUs but I don't recall specifics.  The MTU on both interfaces that are used with af-packet are set to 1500.

Is an MTU of 1500 ok?

-----Original Message-----
From: Victor Julien [mailto:lists at inliniac.net] 
Sent: Wednesday, May 15, 2013 4:44 AM
To: Leonard Jacobs
Cc: oisf-users at openinfosecfoundation.org
Subject: Re: [Oisf-users] Question on combined protocols

On 05/14/2013 04:30 PM, Leonard Jacobs wrote:
> We get the following message in large amounts when the SSL VPN is used 
> but usually different socket numbers only with af-packet IPS mode 
> enabled.  Is it indicative of the flow timeouts being too small?
> SC_ERR_INVALID_ACTION(142) Sending packet failed on Socket 8: Message 
> too long Unable to release packet data

These are definitely not okay to have. As Eric said in another thread:
check if the MTUs are equal, if so, it's probably a bug in suri.

Victor Julien
PGP: http://www.inliniac.net/victorjulien.asc
