[Oisf-users] problem with af-packet on host

Peter Manev petermanev at gmail.com
Wed Nov 8 14:26:13 UTC 2017


On Wed, Nov 8, 2017 at 3:22 PM, Éric Leblond <eric at regit.org> wrote:
> Hi,
>
> On Nov 8, 2017 2:03 PM, erik clark <philosnef at gmail.com> wrote:
>
> Ok, so we found our problem. Turns out that kernel 4.13.4-1.elrepo.x86_64
> does not work with Suricata for af_packet fanout. By downgrading to kernel
> 4.12.8-1.elrepo.x86_64, this worked again
>
>
> Which distribution is that? There was a recent security fix in afpacket.
> Maybe there is a regression there. It could be worth reporting it.
>

To add info to Eric Leblond's comment -
I have tested af-packet on kernel 4.13.10 (compiled from source -
https://www.kernel.org/ ) and didn't have that issue.

> BR,
>
>
> . Please advise as to why this kernel does not seem to work. It properly
> fans out for Bro, so it seems to be something specific to Suri. Thanks!
>
>
> On Tue, Nov 7, 2017 at 12:59 PM, erik clark <philosnef at gmail.com> wrote:
>
> Soooo, we have this suricata.yaml file we use everywhere. On this new
> server, we are getting this fun:
>
> - Couldn't init AF_PACKET socket, fatal error
>
> Coudn't set fanout mode, error Invalid argument
>
> We are running 4.13 kernel, which supports tpacket_v3 and af_packet. Please
> advise. We can't find anything amiss in our conf. Thanks!
>
>
>
>
> _______________________________________________
> Suricata IDS Users mailing list: oisf-users at openinfosecfoundation.org
> Site: http://suricata-ids.org | Support: http://suricata-ids.org/support/
> List: https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
>
> Conference: https://suricon.net
> Trainings: https://suricata-ids.org/training/



-- 
Regards,
Peter Manev
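
A stand-alone probe for the failing step reported in this thread, added here as an example (it is not Suricata code and not from any poster): it binds an AF_PACKET socket and issues the PACKET_FANOUT setsockopt for each kernel fanout mode, with and without the defrag flag, so an "Invalid argument" result can be compared across kernels independently of suricata.yaml. The interface name eth0 and group id 99 are assumed defaults; the constants are taken from the Linux UAPI headers.

```python
import errno, os, socket, struct, sys

SOL_PACKET, PACKET_FANOUT, ETH_P_ALL = 263, 18, 0x0003  # <linux/if_packet.h>, <linux/if_ether.h>
MODES = {"hash": 0, "lb": 1, "cpu": 2, "rollover": 3, "rnd": 4, "qm": 5}
FLAG_DEFRAG = 0x8000

def fanout_arg(group_id, mode, flags=0):
    """PACKET_FANOUT option value: group id in the low 16 bits, mode|flags in the high 16."""
    return (group_id & 0xFFFF) | (((mode | flags) & 0xFFFF) << 16)

def probe(iface, group_id, mode, flags=0):
    """Bind an AF_PACKET socket to iface and join a fanout group. Returns 0 or an errno."""
    try:
        sock = socket.socket(socket.AF_PACKET, socket.SOCK_RAW, socket.htons(ETH_P_ALL))
    except AttributeError:            # Python build without AF_PACKET (not Linux)
        return errno.EAFNOSUPPORT
    except OSError as exc:
        return exc.errno or errno.EIO
    try:
        sock.bind((iface, ETH_P_ALL))
        # Pack as unsigned: with FLAG_DEFRAG set the value exceeds a signed C int.
        opt = struct.pack("=I", fanout_arg(group_id, mode, flags))
        sock.setsockopt(SOL_PACKET, PACKET_FANOUT, opt)
        return 0
    except OSError as exc:
        return exc.errno or errno.EIO
    finally:
        sock.close()

def explain(err):
    """Map a probe() result to a short diagnosis."""
    if err == 0:
        return "ok"
    if err == errno.EPERM:
        return "EPERM: need root or CAP_NET_RAW"
    if err == errno.ENODEV:
        return "ENODEV: no such interface"
    if err == errno.EINVAL:
        return "EINVAL: kernel rejected the fanout request (the error in this thread)"
    return "%s: %s" % (errno.errorcode.get(err, err), os.strerror(err))

if __name__ == "__main__":
    iface = sys.argv[1] if len(sys.argv) > 1 else "eth0"   # assumed interface name
    print("kernel", os.uname().release, "interface", iface)
    for i, (name, mode) in enumerate(sorted(MODES.items(), key=lambda kv: kv[1])):
        for flags in (0, FLAG_DEFRAG):
            # Distinct group id per attempt (base 99 is an assumed value).
            result = probe(iface, 99 + 2 * i + (1 if flags else 0), mode, flags)
            print("%-9s defrag=%-3s %s" % (name, "yes" if flags else "no", explain(result)))
```

Running it on both the failing and the working kernel gives a per-mode comparison that can be attached to a kernel or distribution bug report.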


