[Oisf-users] Can't start AF_PACKET in Workers mode?
Eric Leblond
eric at regit.org
Mon Mar 28 20:14:54 UTC 2016
Hello,
On Mon, 2016-03-28 at 19:47 +0000, Cloherty, Sean E wrote:
> ( buried in an earlier email about a different topic . . . )
>
> An odd behavior I am noticing is that despite setting the afpacket
> mode to workers, both in the yaml file and on the command line, the
> start messages always notes autofp mode. Am I reading that
> correctly? What could cause that? I am running in IDS mode in case
> that is of note.
>
> When I start up - the last line is as below.
>
> 24/3/2016 -- 13:32:30 - <Notice> - This is Suricata version 3.0
> RELEASE
> 24/3/2016 -- 13:32:30 - <Info> - CPUs/cores online: 32
> 24/3/2016 -- 13:32:30 - <Info> - 'default' server has 'request-body-
> minimal-inspect-size' set to 33882 and 'request-body-inspect-window'
> set to 4053 after randomization.
> 24/3/2016 -- 13:32:30 - <Info> - 'default' server has 'response-body-
> minimal-inspect-size' set to 42119 and 'response-body-inspect-window'
> set to 16872 after randomization.
> 24/3/2016 -- 13:32:30 - <Info> - DNS request flood protection level:
> 500
> 24/3/2016 -- 13:32:30 - <Info> - DNS per flow memcap (state-memcap):
> 524288
> 24/3/2016 -- 13:32:30 - <Info> - DNS global memcap: 16777216
> 24/3/2016 -- 13:32:30 - <Info> - Protocol detection and parser
> disabled for modbus protocol.
> 24/3/2016 -- 13:32:30 - <Info> - Found an MTU of 1500 for 'ens1f1'
> 24/3/2016 -- 13:32:30 - <Info> - allocated 3670016 bytes of memory
> for the defrag hash... 65536 buckets of size 56
> 24/3/2016 -- 13:32:30 - <Info> - preallocated 65535 defrag trackers
> of size 168
> 24/3/2016 -- 13:32:30 - <Info> - defrag memory usage: 14679896 bytes,
> maximum: 2147483648
> 24/3/2016 -- 13:32:30 - <Info> - AutoFP mode using default "Active
> Packets" flow load balancer
This is one message always printed by the flow load balancer mechanism
at init. Even if this one is not used. Don't worry about that. I will
try to see if I can cook a fix removing it in the case we are running
in workers mode.
++
>
>
> Sean Cloherty
> _______________________________________________
> Suricata IDS Users mailing list: oisf-users at openinfosecfoundation.org
> Site: http://suricata-ids.org | Support: http://suricata-
> ids.org/support/
> List: https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-u
> sers
> Suricata User Conference November 9-11 in Washington, DC: http://oisf
> events.net
--
Eric Leblond <eric at regit.org>
More information about the Oisf-users
mailing list