[Oisf-users] [FORGED] Broadcom NetXtreme II BCM5709 NIC

[Russell Fulton]

Up date on this:  I have just realised that I have an identical machine with broadcom NICs which is working fine with afpacket — I don’t remember doing anything special to get it going.

So the question now becomes what is actually wrong here?

Russell

> On 20 Oct 2015, at 10:13, Russell Fulton <r.fulton at auckland.ac.nz> wrote:
> 
> Hi
> 
> I have just build an old Dell R610 which has broadcom NICs as a suricata sensor but when I start suri using AFpacket I get a bunch of errors:
> 
> Oct 19 00:30:03 secmonprd05 suricata: 19/10/2015 -- 00:30:03 - <Notice> - all 8 packet processing threads, 4 management threads initialized, engine started. 
> Oct 19 00:30:03 secmonprd05 kernel: [618411.460572] device eth3 entered promiscuous mode
> Oct 19 00:30:03 secmonprd05 suricata: 19/10/2015 -- 00:30:03 - <Error> - [ERRCODE: SC_ERR_AFP_CREATE(190)] - Coudn't set fanout mode, error Invalid argument 
> Oct 19 00:30:03 secmonprd05 kernel: [618411.507293] device eth3 left promiscuous mode
> Oct 19 00:30:03 secmonprd05 suricata: 19/10/2015 -- 00:30:03 - <Error> - [ERRCODE: SC_ERR_AFP_CREATE(190)] - Couldn't init AF_PACKET socket, fatal error 
> Oct 19 00:30:03 secmonprd05 kernel: [618411.511313] device eth3 entered promiscuous mode
> Oct 19 00:30:03 secmonprd05 suricata: 19/10/2015 -- 00:30:03 - <Notice> - Signal Received.  Stopping engine. 
> Oct 19 00:30:03 secmonprd05 suricata: 19/10/2015 -- 00:30:03 - <Error> - [ERRCODE: SC_ERR_AFP_CREATE(190)] - Coudn't set fanout mode, error Invalid argument 
> Oct 19 00:30:03 secmonprd05 last message repeated 6 times
> Oct 19 00:30:03 secmonprd05 suricata: 19/10/2015 -- 00:30:03 - <Error> - [ERRCODE: SC_ERR_AFP_CREATE(190)] - Couldn't init AF_PACKET socket, fatal error 
> Oct 19 00:30:03 secmonprd05 kernel: [618411.667074] device eth3 left promiscuous mode
> Oct 19 00:30:03 secmonprd05 suricata: 19/10/2015 -- 00:30:03 - <Error> - [ERRCODE: SC_ERR_AFP_CREATE(190)] - Couldn't init AF_PACKET socket, fatal error 
> Oct 19 00:30:03 secmonprd05 last message repeated 5 times
> 
> I conclude that I cant use afpacket with these NICs. 
> 
> I am now running using plain old -i eth3 but we are dropping lots of packets.
> 
> There are a number of options I can try (buy another nic, pf_ring) but thought I would check that there isn’t anything I can do to get afpacket to work with these NICs.
> 
> Russell
> _______________________________________________
> Suricata IDS Users mailing list: oisf-users at openinfosecfoundation.org
> Site: http://suricata-ids.org | Support: http://suricata-ids.org/support/
> List: https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
> Suricata User Conference November 4 & 5 in Barcelona: http://oisfevents.net