[Oisf-users] af-packet and Linux Kernel version

Jim Hranicky jfh at ufl.edu
Fri Nov 18 15:33:25 UTC 2016 

af-packet config from suricata.yaml:

  af-packet:
    - interface: ens5f0
      cluster-id: 99
      cluster-type: cluster_flow
      defrag: yes
      rollover: yes
      use-mmap: yes
      mmap-locked: yes
      ring-size: 4096
      buffer-size: 65536

Attached is the startup script I'm using, slighly modified version
of one Coop sent me.

Thanks for your help.

Jim

On 11/18/2016 10:16 AM, Peter Manev wrote:

> Feel free to share(privately if you would like ) your config/set
> up/stats so i (we) can have a look of the AFP set up you have.
-------------- next part --------------
INT=ens5f0

pkill -x Suricata-Main

sleep 3

#clear caches/buffers
free && sync && echo 3 > /proc/sys/vm/drop_caches && free
#stop irqbalance
#/etc/init.d/irqbalance stop

#tune intel 10Ge card

echo "Tuning intel card..."
ifconfig $INT down
rmmod ixgbe
sleep 1
#modprobe ixgbe FdirPballoc=3
insmod /usr/local/src/ixgbe-4.4.6/src/ixgbe.ko FdirPballoc=3

#Set 4k PCI reads
setpci -v -d 8086:10fb e6.b=2e

ifconfig $INT up

ethtool -K $INT tso off
ethtool -K $INT gro off
ethtool -K $INT lro off
ethtool -K $INT gso off
ethtool -K $INT rx on
ethtool -K $INT sg on
ethtool -K $INT rxvlan on
ethtool -K $INT txvlan off
ethtool -N $INT rx-flow-hash udp4 sdfn
ethtool -N $INT rx-flow-hash udp6 sdfn
ethtool -N $INT rx-flow-hash tcp4 sdfn
ethtool -N $INT rx-flow-hash tcp6 sdfn
ethtool -C $INT rx-usecs 1022
ethtool -C $INT adaptive-rx off
ethtool -G $INT rx 4096
ethtool -K $INT ntuple on
ethtool -K $INT rxhash on
ethtool -L $INT combined 16

ethtool -K $INT sg off gro off lro off tso off gso off

#set hash key
#ethtool -X $INT hkey 65:da:65:da:65:da:65:da:65:da:65:da:65:da:65:da:65:da:65:da:65:da:65:da:65:da:65:da:65:da:65:da:65:da:65:da:65:da:65:da

#set irq affinity
/usr/local/bin/set_irq_affinity $INT

#export RSS=1
#/etc/init.d/pf-drivers start

/opt/suricata/bin/suricata -i $INT -c /opt/suricata/etc/suricata/suricata.yaml --af-packet=$INT -vv -l /var/log/suricata/suri1 --pidfile=/var/log/suricata/suri1/suri-1-pid > /tmp/suri.out 2>&1 &

More information about the Oisf-users mailing list