[Oisf-users] (no subject)

Cooper F. Nelson cnelson at ucsd.edu
Mon Mar 24 13:10:02 UTC 2014 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Another trick to minimize packet drops is to compile suricata with the
'-O3' gcc optimization.

I tried restarting suricata with "buffer-size: 0" as I suggested and can
confirm it doesn't drop packets at startup.  I'll see how it performs
under load during the day.

> capture.kernel_packets    | AFPacketeth21             | 154178
> capture.kernel_drops      | AFPacketeth21             | 0
> capture.kernel_packets    | AFPacketeth22             | 182341
> capture.kernel_drops      | AFPacketeth22             | 0
> capture.kernel_packets    | AFPacketeth23             | 121665
> capture.kernel_drops      | AFPacketeth23             | 0
> capture.kernel_packets    | AFPacketeth24             | 238187
> capture.kernel_drops      | AFPacketeth24             | 0
> capture.kernel_packets    | AFPacketeth25             | 201667
> capture.kernel_drops      | AFPacketeth25             | 0
> capture.kernel_packets    | AFPacketeth26             | 135360
> capture.kernel_drops      | AFPacketeth26             | 0
> capture.kernel_packets    | AFPacketeth27             | 129307
> capture.kernel_drops      | AFPacketeth27             | 0
> capture.kernel_packets    | AFPacketeth28             | 139396
> capture.kernel_drops      | AFPacketeth28             | 0
> capture.kernel_packets    | AFPacketeth29             | 128565
> capture.kernel_drops      | AFPacketeth29             | 0
> capture.kernel_packets    | AFPacketeth210            | 164600
> capture.kernel_drops      | AFPacketeth210            | 0
> capture.kernel_packets    | AFPacketeth211            | 135173
> capture.kernel_drops      | AFPacketeth211            | 0
> capture.kernel_packets    | AFPacketeth212            | 138846
> capture.kernel_drops      | AFPacketeth212            | 0
> capture.kernel_packets    | AFPacketeth213            | 119298
> capture.kernel_drops      | AFPacketeth213            | 0
> capture.kernel_packets    | AFPacketeth214            | 215118
> capture.kernel_drops      | AFPacketeth214            | 0
> capture.kernel_packets    | AFPacketeth215            | 104013
> capture.kernel_drops      | AFPacketeth215            | 0


On 3/24/2014 5:23 AM, Peter Manev wrote:
> 
> Sorry , I sent the previous e-mail too fast :)
> You have :
> tcp.reassembly_gap        | AFPacketeth78             | 5901
> 
> which can be the reason for your packet drops.
> From what you have posted and describe in the mail (stats.log) - the
> packet loss i minimal and justified maybe (reassembly gaps)
> 
> I am not sure what is it that you are trying to solve/achieve .... - 0
> packet drops?
> 



- -- 
Cooper Nelson
Network Security Analyst
UCSD ACT Security Team
cnelson at ucsd.edu x41042
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.17 (MingW32)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQEcBAEBAgAGBQJTMC6qAAoJEKIFRYQsa8FW/z8H/2fXMsSN10QMxg7Hvo6sQhbL
xZynW9XuBqs0FQOuo8PdkPt3JTRcYJlTheDeDsMfoan7jGikHYb0zXEjL8tW2li4
HWE9yc73XhGK9ym852amBVKvtfsdG0j3JdR/nQvGouZAfpSOzuUC1KS2qrnqVE2A
YhP4jCJVMfC7uezHf8G4emaGb6n25X6RsQY8/2sJWVMqRmkVUk05f/MhSRmLg+H2
7Yz5b2JxgEBQ2IDHxGgRlMm6s2FqpX3pvTFYxpzeA9v0y0ha0PagGMuWb1mIG7R8
wFowERs3Z1FvjjcisDdERhdBlC57MY2m+qdaevsW9tZgmAJQP5SR9SFIfyDusdg=
=bQ+n
-----END PGP SIGNATURE-----

More information about the Oisf-users mailing list