[Oisf-users] Netmap pipe configuration

James Dickenson jdickenson at gmail.com
Wed Feb 1 16:39:13 UTC 2017 

No actually on RHEL7.  I'm starting to think that perhaps netmap pipes
isn't supported in Suricata, maybe someone can confirm this?   I was basing
this configuration somewhat around the documentation here:
http://suricata.readthedocs.io/en/latest/performance/packet-capture.html as
it references using the lb tool to load balance.

I attempted to confirm the TX/RX as you suggested with tcpdump, which
required compiling libpcap and tcpdump w/ netmap support. But no dice
binding to the netmap pipe foo, (I could however bind to the interface).

-James

On Tue, Jan 31, 2017 at 4:03 PM, Michael Shirk <shirkdog.bsd at gmail.com>
wrote:

> I am assuming you are trying with FreeBSD?
>
> If so, which version of FreeBSD? And even if you are doing this on Linux,
> I would attempt to just use something like tcpdump to make sure TX/RX is
> working correctly.
>
>
>
> --
> Michael Shirk
> Daemon Security, Inc.
> http://www.daemon-security.com
>
> On Jan 31, 2017 6:58 PM, "Eric Leblond" <eric at regit.org> wrote:
>
>> Hi,
>>
>> On Tue, 2017-01-31 at 15:52 -0800, James Dickenson wrote:
>> > Hey All,
>> >
>> > I'm trying to test a Suricata configuration using Netmap and the
>> > bundled Netmap tool lb to load balance for the Suricata worker
>> > threads.  However I've run into some trouble trying to figure out how
>> > to get Suricata to bind to the netmap pipes.
>> >
>> > Anyone have any experience with using Netmap with Suricata? Or for
>> > that matter used the lb to do load balancing?
>> >
>> > Thanks in advance for the assistance!
>> >
>> > -James
>> >
>> > I can do the following:
>> >
>> > # lb -i ens1f1 -p foo:4
>> >
>> > and can bind to any of the four pipes using the netmap tool pkt-gen:
>> >
>> > # pkt-gen -i foo}0 -f rx
>> >
>> > But if I try on Suricata:
>> >
>> > # /usr/bin/suricata  -c /etc/suricata/suricata.yaml --netmap=foo}0
>> > --runmode=workers
>>
>> I'm not a netmap expert at all and I've never heard about this lb
>> tool.
>> But my understanding of netmap is that it behaves like the other
>> capture method. So you specify the interface to attach to and then you
>> say in Suricata YAML configuration how much threads you want to have.
>>
>> So in your case:
>>
>> usr/bin/suricata  -c /etc/suricata/suricata.yaml --netmap=ensf1
>>
>> and in the YAML:
>>
>>  netmap:
>>      # To specify OS endpoint add plus sign at the end (e.g. "eth0+")
>>    - interface: ens1f1
>>      threads: 4
>>
>> BR,
>> --
>> Eric Leblond <eric at regit.org>
>> _______________________________________________
>> Suricata IDS Users mailing list: oisf-users at openinfosecfoundation.org
>> Site: http://suricata-ids.org | Support: http://suricata-ids.org/support/
>> List: https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openinfosecfoundation.org/pipermail/oisf-users/attachments/20170201/0df4162a/attachment.html>

More information about the Oisf-users mailing list