[Oisf-users] Occasional burst of packet loss
Cooper F. Nelson
cnelson at ucsd.edu
Tue Nov 4 16:51:57 UTC 2014
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
With af-packet mode its the "buffer-size:" directive.
I didn't see a setting for pfring in the suricata.yaml file.
- -Coop
On 11/4/2014 8:38 AM, Yasha Zislin wrote:
> How do you increase socket buffers?
>
> I've increased a lot of buffers already. That's why my memory
> utilization is high.
> I've also maxed out NIC buffers and PF_RING ring size.
>
> Thanks.
>
>> Date: Tue, 4 Nov 2014 08:11:36 -0800
>> From: cnelson at ucsd.edu
>> To: coolyasha at hotmail.com; oisf-users at lists.openinfosecfoundation.org
>> Subject: Re: [Oisf-users] Occasional burst of packet loss
>>
> Not sure if this works the same as with PF_RING, but I've found
> increasing the socket buffers can help with packet drops during DOS
> attacks when running in AF_PACKET mode. eg:
>
>> buffer-size: 1048576
>
> On 11/3/2014 11:35 AM, Yasha Zislin wrote:
>
>> I guess, I am trying to figure out if there is a way to reduce packet
>> loss and improve performance while being attacked by either DDOS or
>> something else.
>
>> Thanks.
>
>
- --
Cooper Nelson
Network Security Analyst
UCSD ACT Security Team
cnelson at ucsd.edu x41042
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.17 (MingW32)
iQEcBAEBAgAGBQJUWQQtAAoJEKIFRYQsa8FWkTIH/2ydh9RWyZyhNxSylrzmjxc+
QhG/hK9TGkByPHiv6EywiEdo7fsQ0jHYVtXvSydlpAVgYCVkmcRjtwDf9hd/CCUd
JSRMRVVHGnjjWD3vqCjrvmyttGuId33FTc1nc+mI/H3A8kDf3mXYV8P/WsHl7xSu
tcqQybj+KxI0eT1SqGV+gZSU6BLn+PorqDfpHNwIn8HXUSUhMC4mnGpfT58PAYeC
97ED4JWoAL1zdYSaK1elT1S4qbv+fPTvap0JZ/XMt3GcHd09hZhsXUdYRyyip10h
YP/kYpJCsxwHNBMd6FwlppTZlTC3q18FUKUZtGKOiJ+YCOhT0GAWFCdBG/EMHeU=
=C2PH
-----END PGP SIGNATURE-----
More information about the Oisf-users
mailing list