[Oisf-users] Problems starting Suricata

Charles Devoe Charles.Devoe at cisecurity.org
Wed Oct 25 16:13:15 UTC 2017


I have a Dell R630 system with an Intel X710 DP 10 GB DA/SFP+ + I350 DP 1GB Daughter card and an Intel X710 Dual Port 10GB PCI Card.

It is running Red Hat 6.8, kernel 3.8.13-118.8.1.el6uek.x86_64, Suricata 3.0.

NIC driver: i40e, version: 2.2.4. Latest firmware.

When the system boots, the NIC cards will only observe broadcast traffic. In order for the card to receive all traffic being forwarded to it, I have to do the following:

1. Stop em1, em2, p3p1, p3p2 (ifdown)
2. modprobe -r i40e
3. modprobe i40e
4. Configure the interfaces
ethtool -K em1 tso off gro off ufo off lro off gso off rx off tx off rxvlan off txvlan off
ethtool -L em1 combined 1
ethtool -K em2 tso off gro off ufo off lro off gso off rx off tx off rxvlan off txvlan off
ethtool -L em2 combined 1
ethtool -K p3p1 tso off gro off ufo off lro off gso off rx off tx off rxvlan off txvlan off
ethtool -L p3p1 combined 1
ethtool -K p3p2 tso off gro off ufo off lro off gso off rx off tx off rxvlan off txvlan off
ethtool -L p3p2 combined 1
5. Bring the interfaces up (ifup)
6. Start Suricata

We have 100+ sensors with Intel cards in them with no issues.

Has anyone experienced this issue, and is there a fix?



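An added example, not part of the original post: a check that the step 4 settings actually took effect before Suricata is started in step 6. It parses `ethtool -k` and `ethtool -l` output; the function names and the sample output are constructed for illustration, and the long feature names are the ones `ethtool -k` prints for the short names used above.

```shell
#!/bin/sh
# Added example: verify that the step 4 settings are in effect.
# Long names printed by `ethtool -k` for the short names given to `ethtool -K`.
WANT_OFF="tcp-segmentation-offload generic-receive-offload"
WANT_OFF="$WANT_OFF udp-fragmentation-offload large-receive-offload"
WANT_OFF="$WANT_OFF generic-segmentation-offload rx-checksumming tx-checksumming"
WANT_OFF="$WANT_OFF rx-vlan-offload tx-vlan-offload"

# Reads `ethtool -k IFACE` output on stdin; prints the features that should
# be off but are still reported "on" (an empty line when all are off).
still_on() {
    awk -v want="$WANT_OFF" '
        BEGIN { n = split(want, w, " "); for (i = 1; i <= n; i++) chk[w[i]] = 1 }
        { name = $1; sub(/:$/, "", name) }
        (name in chk) && $2 == "on" { out = out (out ? " " : "") name }
        END { print out }'
}

# Reads `ethtool -l IFACE` output on stdin; prints the current (not the
# pre-set maximum) combined channel count.
combined_now() {
    awk '/^Current hardware settings/ { cur = 1 }
         cur && $1 == "Combined:" { print $2 }'
}

# Constructed sample output, so the script runs without ethtool or the NICs.
SAMPLE_K='Features for em1:
rx-checksumming: off
tx-checksumming: off
    tx-checksum-ipv4: off
scatter-gather: on
tcp-segmentation-offload: off
udp-fragmentation-offload: off [fixed]
generic-segmentation-offload: off
generic-receive-offload: on
large-receive-offload: off [fixed]
rx-vlan-offload: on
tx-vlan-offload: off'
SAMPLE_L='Channel parameters for em1:
Pre-set maximums:
Combined:       48
Current hardware settings:
Combined:       1'

echo "still on: $(printf '%s\n' "$SAMPLE_K" | still_on)"
echo "combined: $(printf '%s\n' "$SAMPLE_L" | combined_now)"
```

On a sensor, the same functions take live input, e.g. `ethtool -k em1 | still_on` and `ethtool -l em1 | combined_now`, repeated for em2, p3p1 and p3p2.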