[Oisf-users] problem with af-packet on host

erik clark philosnef at gmail.com
Wed Nov 8 15:28:22 UTC 2017


Ok, thanks all. We will update to the latest ml and see if that resolves
it. Thank you much all!

On Wed, Nov 8, 2017 at 9:26 AM, Peter Manev <petermanev at gmail.com> wrote:

> On Wed, Nov 8, 2017 at 3:22 PM, Éric Leblond <eric at regit.org> wrote:
> > Hi,
> >
> > On 8 Nov 2017 2:03 PM, erik clark <philosnef at gmail.com> wrote:
> >
> > Ok, so we found our problem. Turns out that kernel 4.13.4-1.elrepo.x86_64
> > does not work with Suricata for af_packet fanout. By downgrading to kernel
> > 4.12.8-1.elrepo.x86_64, this worked again
> >
> >
> > Which distribution is that? There was a recent security fix in afpacket.
> > Maybe there is a regression there. It could be worth reporting it.
> >
>
> To add info to Eric Leblond's comment -
> I have tested af-packet on kernel 4.13.10 (compiled from source -
> https://www.kernel.org/ ) and didn't have that issue.
>
> > BR,
> >
> >
> > . Please advise as to why this kernel does not seem to work. It properly
> > fans out for Bro, so it seems to be something specific to Suri. Thanks!
> >
> >
> > On Tue, Nov 7, 2017 at 12:59 PM, erik clark <philosnef at gmail.com> wrote:
> >
> > Soooo, we have this suricata.yaml file we use everywhere. On this new
> > server, we are getting this fun:
> >
> > - Couldn't init AF_PACKET socket, fatal error
> >
> > Coudn't set fanout mode, error Invalid argument
> >
> > We are running 4.13 kernel, which supports tpacket_v3 and af_packet. Please
> > advise. We can't find anything amiss in our conf. Thanks!
> >
>
> --
> Regards,
> Peter Manev
>