[Oisf-users] AF_PACKET: fanout not supported on this system, falling back to 1 capture thread
Eric Leblond
eric at regit.org
Wed Oct 5 06:34:41 UTC 2016
Hi,
On mer., 2016-10-05 at 08:15 +0200, Victor Julien wrote:
> On 05-10-16 01:04, ltow at centrum.cz wrote:
> >
> > using stop Debian Jessie kernel:
> >
> > root at mirach:~# uname -a
> > Linux mirach 3.16.0-4-amd64 #1 SMP Debian 3.16.36-1+deb8u1 (2016-
> > 09-03) x86_64 GNU/Linux
> >
> > and jessie-backport Suricata package:
> >
> > root at mirach:~# suricata -V
> > This is Suricata version 3.1.2 RELEASE
> >
> > I am not able to use AF_PACKET fanout, as check for fanout is
> > failing and only one detect thread is started instead:
> >
> > root at mirach:~# suricata -c /etc/suricata/suricata.yaml --af-
> > packet=eth2 --runmode workers -vvvvv
> > ......
> > 5/10/2016 -- 00:47:59 - <Info> - Unified2-alert initialized:
> > filename unified2.alert, limit 32 MB
> > 5/10/2016 -- 00:47:59 - <Info> - stats output device (regular)
> > initialized: stats.log
> > 5/10/2016 -- 00:47:59 - <Notice> - fanout not supported on this
> > system, falling back to 1 capture thread
>
> It looks like this was checked during compilation of the packet ports
> package. Jessie should support fanout though, so not sure why it
> doesn't
> work. Maybe it's something weird in the package building process.
I agree. We are building at Stamus Networks on debian Jessie and it is
working correctly.
The configure script is checking for a define in "linux/if_packet.h"
that is coming by default from linux-libc-dev (file in that case
isĀ /usr/include/linux/if_packet.h).
Could it be possible the package is outdated or another file in
included ?
++
--
Eric Leblond <eric at regit.org>
Blog: https://home.regit.org/
More information about the Oisf-users
mailing list