[Oisf-users] Broadcom NetXtreme II BCM5709 NIC

Russell Fulton r.fulton at auckland.ac.nz
Mon Oct 19 21:13:05 UTC 2015


Hi

I have just built an old Dell R610, which has Broadcom NICs, as a Suricata sensor, but when I start Suri using AFpacket I get a bunch of errors:

Oct 19 00:30:03 secmonprd05 suricata: 19/10/2015 -- 00:30:03 - <Notice> - all 8 packet processing threads, 4 management threads initialized, engine started. 
Oct 19 00:30:03 secmonprd05 kernel: [618411.460572] device eth3 entered promiscuous mode
Oct 19 00:30:03 secmonprd05 suricata: 19/10/2015 -- 00:30:03 - <Error> - [ERRCODE: SC_ERR_AFP_CREATE(190)] - Coudn't set fanout mode, error Invalid argument 
Oct 19 00:30:03 secmonprd05 kernel: [618411.507293] device eth3 left promiscuous mode
Oct 19 00:30:03 secmonprd05 suricata: 19/10/2015 -- 00:30:03 - <Error> - [ERRCODE: SC_ERR_AFP_CREATE(190)] - Couldn't init AF_PACKET socket, fatal error 
Oct 19 00:30:03 secmonprd05 kernel: [618411.511313] device eth3 entered promiscuous mode
Oct 19 00:30:03 secmonprd05 suricata: 19/10/2015 -- 00:30:03 - <Notice> - Signal Received.  Stopping engine. 
Oct 19 00:30:03 secmonprd05 suricata: 19/10/2015 -- 00:30:03 - <Error> - [ERRCODE: SC_ERR_AFP_CREATE(190)] - Coudn't set fanout mode, error Invalid argument 
Oct 19 00:30:03 secmonprd05 last message repeated 6 times
Oct 19 00:30:03 secmonprd05 suricata: 19/10/2015 -- 00:30:03 - <Error> - [ERRCODE: SC_ERR_AFP_CREATE(190)] - Couldn't init AF_PACKET socket, fatal error 
Oct 19 00:30:03 secmonprd05 kernel: [618411.667074] device eth3 left promiscuous mode
Oct 19 00:30:03 secmonprd05 suricata: 19/10/2015 -- 00:30:03 - <Error> - [ERRCODE: SC_ERR_AFP_CREATE(190)] - Couldn't init AF_PACKET socket, fatal error 
Oct 19 00:30:03 secmonprd05 last message repeated 5 times

I conclude that I can't use afpacket with these NICs.

I am now running using plain old -i eth3 but we are dropping lots of packets.

There are a number of options I can try (buy another NIC, pf_ring) but thought I would check that there isn't anything I can do to get afpacket to work with these NICs.

Russell

