[Oisf-users] What does it means??
C. L. Martinez
carlopmart at gmail.com
Fri Oct 11 12:10:45 UTC 2013
On Fri, Oct 11, 2013 at 11:53 AM, Peter Manev <petermanev at gmail.com> wrote:
>>>
>>
>> Hi Peter,
>>
>> Yes, I have tried different nics with same result. But I've done
>> another test. I have reinstalled this host but using FreeBSD 8.4 amd64
>> and here are the results:
>>
>> 11/10/2013 -- 11:27:15 - <Info> - stream.reassembly "toclient-chunk-size": 2560
>> 11/10/2013 -- 11:27:15 - <Info> - all 2 packet processing threads, 3
>> management threads initialized, engine started.
>> 11/10/2013 -- 11:27:15 - <Info> - No packets with invalid checksum,
>> assuming checksum offloading is NOT used
>> 11/10/2013 -- 11:27:15 - <Info> - No packets with invalid checksum,
>> assuming checksum offloading is NOT used
>> 11/10/2013 -- 11:36:30 - <Info> - Signal Received. Stopping engine.
>> 11/10/2013 -- 11:36:30 - <Info> - 0 new flows, 0 established flows
>> were timed out, 0 flows in closed state
>> 11/10/2013 -- 11:36:31 - <Info> - time elapsed 555.799s
>> 11/10/2013 -- 11:36:31 - <Info> - (RxPcapem41) Packets 5845957, bytes 2042472103
>> 11/10/2013 -- 11:36:31 - <Info> - (RxPcapem41) Pcap Total:6747655
>> Recv:6678123 Drop:69532 (1.0%).
>> 11/10/2013 -- 11:36:31 - <Info> - Stream TCP processed 5632209 TCP packets
>> 11/10/2013 -- 11:36:31 - <Info> - Fast log output wrote 1878 alerts
>> 11/10/2013 -- 11:36:31 - <Info> - TLS logger logged 269 requests
>> 11/10/2013 -- 11:36:31 - <Info> - (RxPcapem42) Packets 5834141, bytes 2037711281
>> 11/10/2013 -- 11:36:31 - <Info> - (RxPcapem42) Pcap Total:6747681
>> Recv:6666460 Drop:81221 (1.2%).
>>
>> Best. Same suricata config and sysctl options ...Uhmmm, I think I need
>> to do more tuning with FreeBSD 9.2 or maybe I need to change suricata
>> options for FreeBSD 9.2 ...
>
> This is interesting ...
> Let me just confirm, you use:
>
> the same suricata version
> the same suricata config and start up line
> the same nic interface(driversa and such) and the same traffic
> but in one case it is a fresh FreeBSD 8.4 install and in the other
> case it is fresh FreeBSD 9.2 install
>
> and you get a big diffference in the packets drop, correct?
>
a/ I have used same suricata version in both FreeBSD hosts
b/ I have used netmap in both installations (and device polling to
avoid "interrupts stormings")
c/ I have use same suricata config file
d/ I have use same physical nic in both installations.
... All correct Peter ... Next week, I will move this FreeBSD inside
KVM host if you need I will do more tests ...
More information about the Oisf-users
mailing list