[Oisf-users] kernel_drops with afpacket.
Andreas Moe
andmoe at mnemonic.no
Mon Jun 30 07:02:25 UTC 2014
Hi there. Im testing around with Suricata in VM and there is something i can't get my head around. I have a server that is well equipped 32GB ram and 8 CPU cores, along with enough harddisk space and so on. There is not much else running on this machine, and no other CPU/Network/Disk intensive processes either. Traffic I'm receiving is say average around 450Mbit/s. I have turned of offloading on the NIC (checksum, etc), and Don't see any memcap drops (tcp.ssn_memcap_drop og tcp.segment_memcap_drop). But what I do see I a lot of packets not buing sent to userspace (as I understand that is what capture.kernel_drops means).
Kernel: 3.14.5-1.el6.elrepo.x86_64
OS: Centos 6.5
Host info: Running on a VMWare ESXi host.
(capture.kernel_* in stats.log)
capture.kernel_packets | AFPacketeth11 | 16877739
capture.kernel_drops | AFPacketeth11 | 249260
capture.kernel_packets | AFPacketeth12 | 20722043
capture.kernel_drops | AFPacketeth12 | 11901857
capture.kernel_packets | AFPacketeth13 | 17474527
capture.kernel_drops | AFPacketeth13 | 274370
capture.kernel_packets | AFPacketeth14 | 95842172
capture.kernel_drops | AFPacketeth14 | 53533152
capture.kernel_packets | AFPacketeth15 | 20931893
capture.kernel_drops | AFPacketeth15 | 375185
capture.kernel_packets | AFPacketeth16 | 14848576
capture.kernel_drops | AFPacketeth16 | 157094
capture.kernel_packets | AFPacketeth17 | 14497838
capture.kernel_drops | AFPacketeth17 | 688556
capture.kernel_packets | AFPacketeth18 | 15894403
capture.kernel_drops | AFPacketeth18 | 60119
capture.kernel_packets | AFPacketeth11 | 16920288
capture.kernel_drops | AFPacketeth11 | 249260
capture.kernel_packets | AFPacketeth12 | 20770823
capture.kernel_drops | AFPacketeth12 | 11901857
capture.kernel_packets | AFPacketeth13 | 17534417
capture.kernel_drops | AFPacketeth13 | 274422
capture.kernel_packets | AFPacketeth14 | 95978498
capture.kernel_drops | AFPacketeth14 | 53533531
capture.kernel_packets | AFPacketeth15 | 21016007
capture.kernel_drops | AFPacketeth15 | 375950
capture.kernel_packets | AFPacketeth16 | 14923398
capture.kernel_drops | AFPacketeth16 | 157094
capture.kernel_packets | AFPacketeth17 | 14559712
capture.kernel_drops | AFPacketeth17 | 688561
capture.kernel_packets | AFPacketeth18 | 15942758
capture.kernel_drops | AFPacketeth18 | 60119
Features for eth1:
rx-checksumming: off
tx-checksumming: off
tx-checksum-ipv4: off [fixed]
tx-checksum-ip-generic: off
tx-checksum-ipv6: off [fixed]
tx-checksum-fcoe-crc: off [fixed]
tx-checksum-sctp: off [fixed]
scatter-gather: on
tx-scatter-gather: on
tx-scatter-gather-fraglist: off [fixed]
tcp-segmentation-offload: off
tx-tcp-segmentation: off [requested on]
tx-tcp-ecn-segmentation: off [fixed]
tx-tcp6-segmentation: off [requested on]
udp-fragmentation-offload: off [fixed]
generic-segmentation-offload: off
generic-receive-offload: off
large-receive-offload: off
rx-vlan-offload: off
tx-vlan-offload: off
ntuple-filters: off [fixed]
receive-hashing: on
highdma: on
rx-vlan-filter: on [fixed]
vlan-challenged: off [fixed]
tx-lockless: off [fixed]
netns-local: off [fixed]
tx-gso-robust: off [fixed]
tx-fcoe-segmentation: off [fixed]
tx-gre-segmentation: off [fixed]
tx-ipip-segmentation: off [fixed]
tx-sit-segmentation: off [fixed]
tx-udp_tnl-segmentation: off [fixed]
tx-mpls-segmentation: off [fixed]
fcoe-mtu: off [fixed]
tx-nocache-copy: off
loopback: off [fixed]
rx-fcs: off [fixed]
rx-all: off [fixed]
tx-vlan-stag-hw-insert: off [fixed]
rx-vlan-stag-hw-parse: off [fixed]
rx-vlan-stag-filter: off [fixed]
l2-fwd-offload: off [fixed]
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openinfosecfoundation.org/pipermail/oisf-users/attachments/20140630/f6c22068/attachment-0001.html>
More information about the Oisf-users
mailing list