[Oisf-users] As I enabled the packet profiling, packet drop was generated.
이상철
leesc at ictis.kr
Tue Jun 6 10:23:30 UTC 2017
HI!
As I enabled the packet profiling, packet drop was generated.
The packet drop was confirmed by “packet.kernel_drop” in stats.log.
I want to always enable the packet profiling in my product, how can I
improve?
I generated 160 Kpps(packet per sec) traffic and lost 30% of the packets.
The size of each packet size is 64 bytes.
I have analyzed the source code and have found that packet drop will not
occur if the SCProfilingPrintPacketProfile() function is not executed.
How do I improve this function and are there any other improvement options?
Below is the hardware specification and suricata configuration information.
Hardware spec.
CPU : Intel(R) Xeon(R) CPU E5-2660 v3 @ 2.60GHz
10 cores, 20 threads
Memory : 16G
Ethernet : Intel Corporation 82580 Gigabit ( 1Gbps)
Suricata Version : 3.2.1
OS - linux debian 8
excute command : "suricata -c /etc/suricata/suricata.yaml --af-packet"
number of rules : 9000
suricata.yaml
af-packet:
- interface: eth0
threads: auto
cluster-id: 99
cluster-type: cluster_flow
defrag: yes
use-mmap: yes
buffer-size: 64535
copy-mode: ips
copy-iface: eth1
- interface: eth1
threads: auto
cluster-id: 98
cluster-type: cluster_flow
defrag: yes
use-mmap: yes
buffer-size: 64535
copy-mode: ips
copy-iface: eth0
packets:
# Profiling can be disabled here, but it will still have a
# performance impact if compiled in.
enabled: yes
filename: packet_stats.log
append: yes
# per packet csv output
csv:
# Output can be disabled here, but it will still have a
# performance impact if compiled in.
enabled: yes
filename: packet_stats.csv
Sincerely
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openinfosecfoundation.org/pipermail/oisf-users/attachments/20170606/1c796b5d/attachment.html>
More information about the Oisf-users
mailing list