[Oisf-users] Netmap pipe configuration

Michael Shirk shirkdog.bsd at gmail.com
Wed Feb 1 00:03:53 UTC 2017


I am assuming you are trying with FreeBSD?

If so, which version of FreeBSD? And even if you are doing this on Linux, I
would attempt to just use something like tcpdump to make sure TX/RX is
working correctly.



--
Michael Shirk
Daemon Security, Inc.
http://www.daemon-security.com

On Jan 31, 2017 6:58 PM, "Eric Leblond" <eric at regit.org> wrote:

> Hi,
>
> On Tue, 2017-01-31 at 15:52 -0800, James Dickenson wrote:
> > Hey All,
> >
> > I'm trying to test a Suricata configuration using Netmap and the
> > bundled Netmap tool lb to load balance for the Suricata worker
> > threads.  However I've run into some trouble trying to figure out how
> > to get Suricata to bind to the netmap pipes.
> >
> > Anyone have any experience with using Netmap with Suricata? Or for
> > that matter used the lb to do load balancing?
> >
> > Thanks in advance for the assistance!
> >
> > -James
> >
> > I can do the following:
> >
> > # lb -i ens1f1 -p foo:4
> >
> > and can bind to any of the four pipes using the netmap tool pkt-gen:
> >
> > # pkt-gen -i foo}0 -f rx
> >
> > But if I try on Suricata:
> >
> > # /usr/bin/suricata -c /etc/suricata/suricata.yaml --netmap=foo}0 --runmode=workers
>
> I'm not a netmap expert at all and I've never heard about this lb
> tool.
> But my understanding of netmap is that it behaves like the other
> capture methods. So you specify the interface to attach to and then you
> say in the Suricata YAML configuration how many threads you want to have.
>
> So in your case:
>
> /usr/bin/suricata -c /etc/suricata/suricata.yaml --netmap=ens1f1
>
> and in the YAML:
>
>  netmap:
>      # To specify OS endpoint add plus sign at the end (e.g. "eth0+")
>    - interface: ens1f1
>      threads: 4
>
> BR,
> --
> Eric Leblond <eric at regit.org>