[Oisf-users] Really desperated: Suricata drops allmost packages

C. L. Martinez carlopmart at gmail.com
Sun Apr 1 08:44:30 UTC 2018


On Sat, Mar 31, 2018 at 10:33:35PM +0200, Andreas Herz wrote:
> On 30/03/18 at 18:15, C. L. Martinez wrote:
> > On Wed, Mar 28, 2018 at 11:47:47PM +0200, Andreas Herz wrote:
> > > On 23/03/18 at 09:42, C. L. Martinez wrote:
> > > > ------------------------------------------------------------------------------------
> > > > capture.kernel_packets                     | Total                     | 437700
> > > > capture.kernel_drops                       | Total                     | 74114
> > > 
> > > That's really bad, I agree.
> > > 
> > > > 23/3/2018 -- 07:26:18 - <Info> - 9 rule files processed. 28727 rules successfully loaded, 0 rules failed
> > > 
> > > Is it possible that you run it with no rules just to make sure it's not
> > > related to any rule?
> > > 
> > Ok, running with rules:
> 
> With no rules :)? At least the output showed no signatures loaded
> 
> > Counter                                    | TM Name                   | Value
> > ------------------------------------------------------------------------------------
> > capture.kernel_packets                     | Total                     | 290657
> > capture.kernel_drops                       | Total                     | 3787
> 
> Still drops but much lower. Do you see anything suspicious in the system
> logs? So far there are quite a lot of possible reasons and we should try to
> narrow it down as best as we can.
> 
> -- 

Thanks Andreas. No, I don't see anything strange under system logs. I am doing a similar test with OpenBSD 6.2, and numbers are more or less the same.

Some stats with rules loaded:
stats.log:

------------------------------------------------------------------------------------
Date: 4/1/2018 -- 08:16:17 (uptime: 0d, 00h 05m 14s)
------------------------------------------------------------------------------------
Counter                                    | TM Name                   | Value
------------------------------------------------------------------------------------
capture.kernel_packets                     | Total                     | 60068
capture.kernel_drops                       | Total                     | 14615
decoder.pkts                               | Total                     | 39504
decoder.bytes                              | Total                     | 33491940
decoder.ipv4                               | Total                     | 39454
decoder.ethernet                           | Total                     | 39504
decoder.tcp                                | Total                     | 18393
decoder.udp                                | Total                     | 20417
decoder.avg_pkt_size                       | Total                     | 847
decoder.max_pkt_size                       | Total                     | 1466
flow.tcp                                   | Total                     | 21
flow.udp                                   | Total                     | 11
tcp.sessions                               | Total                     | 20
tcp.syn                                    | Total                     | 20
tcp.synack                                 | Total                     | 20
app_layer.flow.tls                         | Total                     | 13
app_layer.flow.dns_udp                     | Total                     | 8
app_layer.tx.dns_udp                       | Total                     | 8
app_layer.flow.failed_udp                  | Total                     | 3
flow.spare                                 | Total                     | 10000
flow_mgr.rows_checked                      | Total                     | 65536
flow_mgr.rows_skipped                      | Total                     | 65536
tcp.memuse                                 | Total                     | 1146880
tcp.reassembly_memuse                      | Total                     | 163840
flow.memuse                                | Total                     | 7083232

suricata.log:
1/4/2018 -- 08:10:38 - <Notice> - This is Suricata version 4.0.4 RELEASE
1/4/2018 -- 08:10:38 - <Info> - CPUs/cores online: 2
1/4/2018 -- 08:10:38 - <Info> - Found an MTU of 1512 for 'vio2'
1/4/2018 -- 08:10:38 - <Info> - Found an MTU of 1512 for 'vio2'
1/4/2018 -- 08:10:38 - <Info> - Found an MTU of 1500 for 'vio3'
1/4/2018 -- 08:10:38 - <Info> - Found an MTU of 1500 for 'vio3'
1/4/2018 -- 08:10:38 - <Info> - Use pid file /var/run/suricata.pid from config file.
1/4/2018 -- 08:10:38 - <Info> - Max dump is 0
1/4/2018 -- 08:10:38 - <Info> - Core dump setting attempted is 0
1/4/2018 -- 08:10:38 - <Info> - Core dump size set to 0
1/4/2018 -- 08:10:38 - <Info> - Running in live mode, activating unix socket
1/4/2018 -- 08:10:49 - <Info> - 8 rule files processed. 139639 rules successfully loaded, 0 rules failed
1/4/2018 -- 08:10:49 - <Info> - Threshold config parsed: 0 rule(s) found
1/4/2018 -- 08:10:49 - <Info> - 139639 signatures processed. 1283 are IP-only rules, 3245 are inspecting packet payload, 136147 inspect application layer, 0 are decoder event only
1/4/2018 -- 08:11:03 - <Info> - fast output device (regular) initialized: fast.log
1/4/2018 -- 08:11:03 - <Info> - stats output device (regular) initialized: stats.log
1/4/2018 -- 08:11:03 - <Info> - Going to use 1 thread(s)
1/4/2018 -- 08:11:03 - <Info> - using interface vio2
1/4/2018 -- 08:11:03 - <Info> - Running in 'auto' checksum mode. Detection of interface state will require 1000 packets.
1/4/2018 -- 08:11:03 - <Info> - Found an MTU of 1512 for 'vio2'
1/4/2018 -- 08:11:03 - <Info> - Set snaplen to 1536 for 'vio2'
1/4/2018 -- 08:11:03 - <Info> - Going to use 1 thread(s)
1/4/2018 -- 08:11:03 - <Info> - using interface vio3
1/4/2018 -- 08:11:03 - <Info> - Running in 'auto' checksum mode. Detection of interface state will require 1000 packets.
1/4/2018 -- 08:11:03 - <Info> - Found an MTU of 1512 for 'vio3'
1/4/2018 -- 08:11:03 - <Info> - Set snaplen to 1536 for 'vio3'
1/4/2018 -- 08:11:03 - <Info> - RunModeIdsPcapWorkers initialised
1/4/2018 -- 08:11:04 - <Info> - Running in live mode, activating unix socket
1/4/2018 -- 08:11:04 - <Info> - Using unix socket file '/var/run/suricata/suricata-command.socket'
1/4/2018 -- 08:11:04 - <Notice> - all 2 packet processing threads, 4 management threads initialized, engine started.
1/4/2018 -- 08:11:49 - <Info> - No packets with invalid checksum, assuming checksum offloading is NOT used
1/4/2018 -- 08:15:44 - <Notice> - Signal Received.  Stopping engine.
1/4/2018 -- 08:16:17 - <Info> - time elapsed 313.474s
1/4/2018 -- 08:16:17 - <Info> - (W#01-vio2) Packets 39104, bytes 33395376
1/4/2018 -- 08:16:17 - <Info> - (W#01-vio2) Pcap Total:39197 Recv:39197 Drop:0 (0.0%).
1/4/2018 -- 08:16:17 - <Info> - (W#01-vio3) Packets 400, bytes 96564
1/4/2018 -- 08:16:17 - <Info> - (W#01-vio3) Pcap Total:20970 Recv:6350 Drop:14620 (69.7%).
1/4/2018 -- 08:16:17 - <Info> - Alerts: 0
1/4/2018 -- 08:16:20 - <Info> - cleaning up signature grouping structure... complete
1/4/2018 -- 08:16:20 - <Notice> - Stats for 'vio2':  pkts: 39104, drop: 0 (0.00%), invalid chksum: 0
1/4/2018 -- 08:16:20 - <Notice> - Stats for 'vio3':  pkts: 400, drop: 14615 (3653.75%), invalid chksum: 0

Some stats without rules loaded:
stats.log:
------------------------------------------------------------------------------------
Date: 4/1/2018 -- 08:24:56 (uptime: 0d, 00h 03m 29s)
------------------------------------------------------------------------------------
Counter                                    | TM Name                   | Value
------------------------------------------------------------------------------------
capture.kernel_packets                     | Total                     | 74305
decoder.pkts                               | Total                     | 74307
decoder.bytes                              | Total                     | 65362114
decoder.ipv4                               | Total                     | 74247
decoder.ethernet                           | Total                     | 74307
decoder.tcp                                | Total                     | 48262
decoder.udp                                | Total                     | 25158
decoder.avg_pkt_size                       | Total                     | 879
decoder.max_pkt_size                       | Total                     | 1466
flow.tcp                                   | Total                     | 141
flow.udp                                   | Total                     | 66
tcp.sessions                               | Total                     | 140
tcp.syn                                    | Total                     | 140
tcp.synack                                 | Total                     | 140
tcp.rst                                    | Total                     | 23
tcp.stream_depth_reached                   | Total                     | 5
app_layer.flow.http                        | Total                     | 11
app_layer.tx.http                          | Total                     | 24
app_layer.flow.tls                         | Total                     | 106
app_layer.flow.dns_udp                     | Total                     | 63
app_layer.tx.dns_udp                       | Total                     | 63
app_layer.flow.failed_udp                  | Total                     | 3
flow_mgr.closed_pruned                     | Total                     | 16
flow.spare                                 | Total                     | 10000
flow_mgr.flows_checked                     | Total                     | 7
flow_mgr.flows_notimeout                   | Total                     | 1
flow_mgr.flows_timeout                     | Total                     | 6
flow_mgr.flows_timeout_inuse               | Total                     | 6
flow_mgr.rows_checked                      | Total                     | 65536
flow_mgr.rows_skipped                      | Total                     | 65523
flow_mgr.rows_empty                        | Total                     | 6
flow_mgr.rows_maxlen                       | Total                     | 1
tcp.memuse                                 | Total                     | 1146880
tcp.reassembly_memuse                      | Total                     | 163840
flow.memuse                                | Total                     | 7129312

suricata.log:
1/4/2018 -- 08:21:27 - <Notice> - This is Suricata version 4.0.4 RELEASE
1/4/2018 -- 08:21:27 - <Info> - CPUs/cores online: 2
1/4/2018 -- 08:21:27 - <Info> - Found an MTU of 1512 for 'vio2'
1/4/2018 -- 08:21:27 - <Info> - Found an MTU of 1512 for 'vio2'
1/4/2018 -- 08:21:27 - <Info> - Found an MTU of 1512 for 'vio3'
1/4/2018 -- 08:21:27 - <Info> - Found an MTU of 1512 for 'vio3'
1/4/2018 -- 08:21:27 - <Info> - Use pid file /var/run/suricata.pid from config file.
1/4/2018 -- 08:21:27 - <Info> - Max dump is 0
1/4/2018 -- 08:21:27 - <Info> - Core dump setting attempted is 0
1/4/2018 -- 08:21:27 - <Info> - Core dump size set to 0
1/4/2018 -- 08:21:27 - <Info> - Running in live mode, activating unix socket
1/4/2018 -- 08:21:27 - <Info> - No signatures supplied.
1/4/2018 -- 08:21:27 - <Info> - fast output device (regular) initialized: fast.log
1/4/2018 -- 08:21:27 - <Info> - stats output device (regular) initialized: stats.log
1/4/2018 -- 08:21:27 - <Info> - Going to use 1 thread(s)
1/4/2018 -- 08:21:27 - <Info> - using interface vio2
1/4/2018 -- 08:21:27 - <Info> - Running in 'auto' checksum mode. Detection of interface state will require 1000 packets.
1/4/2018 -- 08:21:27 - <Info> - Found an MTU of 1512 for 'vio2'
1/4/2018 -- 08:21:27 - <Info> - Set snaplen to 1536 for 'vio2'
1/4/2018 -- 08:21:27 - <Info> - Going to use 1 thread(s)
1/4/2018 -- 08:21:27 - <Info> - using interface vio3
1/4/2018 -- 08:21:27 - <Info> - Running in 'auto' checksum mode. Detection of interface state will require 1000 packets.
1/4/2018 -- 08:21:27 - <Info> - Found an MTU of 1512 for 'vio3'
1/4/2018 -- 08:21:27 - <Info> - Set snaplen to 1536 for 'vio3'
1/4/2018 -- 08:21:27 - <Info> - RunModeIdsPcapWorkers initialised
1/4/2018 -- 08:21:27 - <Info> - Running in live mode, activating unix socket
1/4/2018 -- 08:21:27 - <Info> - Using unix socket file '/var/run/suricata/suricata-command.socket'
1/4/2018 -- 08:21:27 - <Notice> - all 2 packet processing threads, 4 management threads initialized, engine started.
1/4/2018 -- 08:22:03 - <Info> - No packets with invalid checksum, assuming checksum offloading is NOT used
1/4/2018 -- 08:22:22 - <Info> - No packets with invalid checksum, assuming checksum offloading is NOT used
1/4/2018 -- 08:24:56 - <Notice> - Signal Received.  Stopping engine.
1/4/2018 -- 08:24:56 - <Info> - time elapsed 208.886s
1/4/2018 -- 08:24:56 - <Info> - (W#01-vio2) Packets 48892, bytes 44696742
1/4/2018 -- 08:24:56 - <Info> - (W#01-vio2) Pcap Total:48893 Recv:48893 Drop:0 (0.0%).
1/4/2018 -- 08:24:56 - <Info> - (W#01-vio3) Packets 25415, bytes 20665372
1/4/2018 -- 08:24:56 - <Info> - (W#01-vio3) Pcap Total:25415 Recv:25415 Drop:0 (0.0%).
1/4/2018 -- 08:24:56 - <Info> - Alerts: 0
1/4/2018 -- 08:24:56 - <Info> - cleaning up signature grouping structure... complete
1/4/2018 -- 08:24:56 - <Notice> - Stats for 'vio2':  pkts: 48892, drop: 0 (0.00%), invalid chksum: 0
1/4/2018 -- 08:24:56 - <Notice> - Stats for 'vio3':  pkts: 25415, drop: 0 (0.00%), invalid chksum: 0

Ok, it seems that depending on which rules I load under Suricata, the behavior is different. Loading the following rules:
dshield.rules
emerging-malware.rules
emerging-mobile_malware.rules
emerging-trojan.rules
emerging-worm.rules

stats.log:
------------------------------------------------------------------------------------
Date: 4/1/2018 -- 08:35:32 (uptime: 0d, 00h 04m 53s)
------------------------------------------------------------------------------------
Counter                                    | TM Name                   | Value
------------------------------------------------------------------------------------
capture.kernel_packets                     | Total                     | 64463
decoder.pkts                               | Total                     | 64468
decoder.bytes                              | Total                     | 50883568
decoder.ipv4                               | Total                     | 64384
decoder.ethernet                           | Total                     | 64468
decoder.tcp                                | Total                     | 41244
decoder.udp                                | Total                     | 21985
decoder.avg_pkt_size                       | Total                     | 789
decoder.max_pkt_size                       | Total                     | 1466
flow.tcp                                   | Total                     | 164
flow.udp                                   | Total                     | 31
tcp.sessions                               | Total                     | 163
tcp.syn                                    | Total                     | 167
tcp.synack                                 | Total                     | 163
tcp.rst                                    | Total                     | 101
tcp.stream_depth_reached                   | Total                     | 3
app_layer.flow.http                        | Total                     | 13
app_layer.tx.http                          | Total                     | 30
app_layer.flow.tls                         | Total                     | 137
app_layer.flow.dns_udp                     | Total                     | 28
app_layer.tx.dns_udp                       | Total                     | 28
app_layer.flow.failed_udp                  | Total                     | 3
flow_mgr.closed_pruned                     | Total                     | 56
flow.spare                                 | Total                     | 10000
flow_mgr.rows_checked                      | Total                     | 65536
flow_mgr.rows_skipped                      | Total                     | 65536
tcp.memuse                                 | Total                     | 1146880
tcp.reassembly_memuse                      | Total                     | 163840
flow.memuse                                | Total                     | 7114336

suricata.log:
1/4/2018 -- 08:30:35 - <Notice> - This is Suricata version 4.0.4 RELEASE
1/4/2018 -- 08:30:35 - <Info> - CPUs/cores online: 2
1/4/2018 -- 08:30:35 - <Info> - Found an MTU of 1512 for 'vio2'
1/4/2018 -- 08:30:35 - <Info> - Found an MTU of 1512 for 'vio2'
1/4/2018 -- 08:30:35 - <Info> - Found an MTU of 1512 for 'vio3'
1/4/2018 -- 08:30:35 - <Info> - Found an MTU of 1512 for 'vio3'
1/4/2018 -- 08:30:35 - <Info> - Use pid file /var/run/suricata.pid from config file.
1/4/2018 -- 08:30:35 - <Info> - Max dump is 0
1/4/2018 -- 08:30:35 - <Info> - Core dump setting attempted is 0
1/4/2018 -- 08:30:35 - <Info> - Core dump size set to 0
1/4/2018 -- 08:30:36 - <Info> - Running in live mode, activating unix socket
1/4/2018 -- 08:30:38 - <Info> - 5 rule files processed. 5857 rules successfully loaded, 0 rules failed
1/4/2018 -- 08:30:38 - <Info> - Threshold config parsed: 0 rule(s) found
1/4/2018 -- 08:30:38 - <Info> - 5857 signatures processed. 1 are IP-only rules, 3009 are inspecting packet payload, 3838 inspect application layer, 0 are decoder event only
1/4/2018 -- 08:30:39 - <Info> - fast output device (regular) initialized: fast.log
1/4/2018 -- 08:30:39 - <Info> - stats output device (regular) initialized: stats.log
1/4/2018 -- 08:30:39 - <Info> - Going to use 1 thread(s)
1/4/2018 -- 08:30:39 - <Info> - using interface vio2
1/4/2018 -- 08:30:39 - <Info> - Running in 'auto' checksum mode. Detection of interface state will require 1000 packets.
1/4/2018 -- 08:30:39 - <Info> - Found an MTU of 1512 for 'vio2'
1/4/2018 -- 08:30:39 - <Info> - Set snaplen to 1536 for 'vio2'
1/4/2018 -- 08:30:39 - <Info> - Going to use 1 thread(s)
1/4/2018 -- 08:30:39 - <Info> - using interface vio3
1/4/2018 -- 08:30:39 - <Info> - Running in 'auto' checksum mode. Detection of interface state will require 1000 packets.
1/4/2018 -- 08:30:39 - <Info> - Found an MTU of 1512 for 'vio3'
1/4/2018 -- 08:30:39 - <Info> - Set snaplen to 1536 for 'vio3'
1/4/2018 -- 08:30:39 - <Info> - RunModeIdsPcapWorkers initialised
1/4/2018 -- 08:30:39 - <Info> - Running in live mode, activating unix socket
1/4/2018 -- 08:30:39 - <Info> - Using unix socket file '/var/run/suricata/suricata-command.socket'
1/4/2018 -- 08:30:39 - <Notice> - all 2 packet processing threads, 4 management threads initialized, engine started.
1/4/2018 -- 08:31:12 - <Info> - No packets with invalid checksum, assuming checksum offloading is NOT used
1/4/2018 -- 08:31:14 - <Info> - No packets with invalid checksum, assuming checksum offloading is NOT used
1/4/2018 -- 08:35:30 - <Notice> - Signal Received.  Stopping engine.
1/4/2018 -- 08:35:31 - <Info> - time elapsed 291.802s
1/4/2018 -- 08:35:32 - <Info> - (W#01-vio2) Packets 42041, bytes 35125020
1/4/2018 -- 08:35:32 - <Info> - (W#01-vio2) Pcap Total:42044 Recv:42044 Drop:0 (0.0%).
1/4/2018 -- 08:35:32 - <Info> - (W#01-vio3) Packets 22427, bytes 15758548
1/4/2018 -- 08:35:32 - <Info> - (W#01-vio3) Pcap Total:22429 Recv:22429 Drop:0 (0.0%).
1/4/2018 -- 08:35:32 - <Info> - Alerts: 0
1/4/2018 -- 08:35:32 - <Info> - cleaning up signature grouping structure... complete
1/4/2018 -- 08:35:32 - <Notice> - Stats for 'vio2':  pkts: 42041, drop: 0 (0.00%), invalid chksum: 0
1/4/2018 -- 08:35:32 - <Notice> - Stats for 'vio3':  pkts: 22427, drop: 0 (0.00%), invalid chksum: 0

Uhmm .. These are good numbers with similar traffic ... Ok, I will add some TLS rules from abuse.ch
dyre_sslblacklist.rules
sslblacklist.rules

and results are:
stats.log:

------------------------------------------------------------------------------------
Date: 4/1/2018 -- 08:42:54 (uptime: 0d, 00h 03m 55s)
------------------------------------------------------------------------------------
Counter                                    | TM Name                   | Value
------------------------------------------------------------------------------------
capture.kernel_packets                     | Total                     | 87830
capture.kernel_drops                       | Total                     | 27524
decoder.pkts                               | Total                     | 52137
decoder.bytes                              | Total                     | 47788164
decoder.ipv4                               | Total                     | 52111
decoder.ethernet                           | Total                     | 52137
decoder.tcp                                | Total                     | 25360
decoder.udp                                | Total                     | 26419
decoder.avg_pkt_size                       | Total                     | 916
decoder.max_pkt_size                       | Total                     | 1466
flow.tcp                                   | Total                     | 26
flow.udp                                   | Total                     | 15
tcp.sessions                               | Total                     | 13
tcp.syn                                    | Total                     | 13
tcp.synack                                 | Total                     | 13
app_layer.flow.tls                         | Total                     | 13
app_layer.flow.dns_udp                     | Total                     | 12
app_layer.tx.dns_udp                       | Total                     | 12
app_layer.flow.failed_udp                  | Total                     | 3
flow_mgr.new_pruned                        | Total                     | 12
flow.spare                                 | Total                     | 10000
flow_mgr.flows_checked                     | Total                     | 1
flow_mgr.flows_notimeout                   | Total                     | 1
flow_mgr.rows_checked                      | Total                     | 65536
flow_mgr.rows_skipped                      | Total                     | 65535
flow_mgr.rows_maxlen                       | Total                     | 1
tcp.memuse                                 | Total                     | 1146880
tcp.reassembly_memuse                      | Total                     | 163840
flow.memuse                                | Total                     | 7082656

suricata.log:
1/4/2018 -- 08:38:37 - <Notice> - This is Suricata version 4.0.4 RELEASE
1/4/2018 -- 08:38:37 - <Info> - CPUs/cores online: 2
1/4/2018 -- 08:38:37 - <Info> - Found an MTU of 1512 for 'vio2'
1/4/2018 -- 08:38:37 - <Info> - Found an MTU of 1512 for 'vio2'
1/4/2018 -- 08:38:37 - <Info> - Found an MTU of 1512 for 'vio3'
1/4/2018 -- 08:38:37 - <Info> - Found an MTU of 1512 for 'vio3'
1/4/2018 -- 08:38:37 - <Info> - Use pid file /var/run/suricata.pid from config file.
1/4/2018 -- 08:38:37 - <Info> - Max dump is 0
1/4/2018 -- 08:38:37 - <Info> - Core dump setting attempted is 0
1/4/2018 -- 08:38:37 - <Info> - Core dump size set to 0
1/4/2018 -- 08:38:37 - <Info> - Running in live mode, activating unix socket
1/4/2018 -- 08:38:48 - <Info> - 7 rule files processed. 137809 rules successfully loaded, 0 rules failed
1/4/2018 -- 08:38:48 - <Info> - Threshold config parsed: 0 rule(s) found
1/4/2018 -- 08:38:49 - <Info> - 137809 signatures processed. 1 are IP-only rules, 3009 are inspecting packet payload, 135790 inspect application layer, 0 are decoder event only
1/4/2018 -- 08:38:59 - <Info> - fast output device (regular) initialized: fast.log
1/4/2018 -- 08:38:59 - <Info> - stats output device (regular) initialized: stats.log
1/4/2018 -- 08:38:59 - <Info> - Going to use 1 thread(s)
1/4/2018 -- 08:38:59 - <Info> - using interface vio2
1/4/2018 -- 08:38:59 - <Info> - Running in 'auto' checksum mode. Detection of interface state will require 1000 packets.
1/4/2018 -- 08:38:59 - <Info> - Found an MTU of 1512 for 'vio2'
1/4/2018 -- 08:38:59 - <Info> - Set snaplen to 1536 for 'vio2'
1/4/2018 -- 08:38:59 - <Info> - Going to use 1 thread(s)
1/4/2018 -- 08:38:59 - <Info> - using interface vio3
1/4/2018 -- 08:38:59 - <Info> - Running in 'auto' checksum mode. Detection of interface state will require 1000 packets.
1/4/2018 -- 08:38:59 - <Info> - Found an MTU of 1512 for 'vio3'
1/4/2018 -- 08:38:59 - <Info> - Set snaplen to 1536 for 'vio3'
1/4/2018 -- 08:38:59 - <Info> - RunModeIdsPcapWorkers initialised
1/4/2018 -- 08:38:59 - <Info> - Running in live mode, activating unix socket
1/4/2018 -- 08:38:59 - <Info> - Using unix socket file '/var/run/suricata/suricata-command.socket'
1/4/2018 -- 08:38:59 - <Notice> - all 2 packet processing threads, 4 management threads initialized, engine started.
1/4/2018 -- 08:39:38 - <Info> - No packets with invalid checksum, assuming checksum offloading is NOT used
1/4/2018 -- 08:41:27 - <Notice> - Signal Received.  Stopping engine.
1/4/2018 -- 08:42:54 - <Info> - time elapsed 235.315s
1/4/2018 -- 08:42:55 - <Info> - (W#01-vio2) Packets 51867, bytes 47751779
1/4/2018 -- 08:42:55 - <Info> - (W#01-vio2) Pcap Total:63292 Recv:56575 Drop:6717 (10.6%).
1/4/2018 -- 08:42:55 - <Info> - (W#01-vio3) Packets 270, bytes 36385
1/4/2018 -- 08:42:55 - <Info> - (W#01-vio3) Pcap Total:32424 Recv:7976 Drop:24448 (75.4%).
1/4/2018 -- 08:42:55 - <Info> - Alerts: 0
1/4/2018 -- 08:42:56 - <Info> - cleaning up signature grouping structure... complete
1/4/2018 -- 08:42:56 - <Notice> - Stats for 'vio2':  pkts: 51867, drop: 3078 (5.93%), invalid chksum: 0
1/4/2018 -- 08:42:56 - <Notice> - Stats for 'vio3':  pkts: 270, drop: 24446 (9054.07%), invalid chksum: 0

As you can see, really bad numbers ... Uhmm .. I will try changing to e1000 virtual interfaces to see how it goes ...


-- 
Greetings,
C. L. Martinez
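
Added example, not part of the original message and not code from the Suricata project: a small parser for the stats.log counters and the suricata.log shutdown lines quoted above, so the runs can be compared on one drop rate. The function names are assumptions made for this example; the sample input is copied from the first and second runs in the post.

```python
import re

# Excerpts copied from the stats.log / suricata.log output quoted in the post.
STATS_ALL_RULES = """\
capture.kernel_packets                     | Total                     | 60068
capture.kernel_drops                       | Total                     | 14615
decoder.pkts                               | Total                     | 39504
"""
STATS_NO_RULES = """\
capture.kernel_packets                     | Total                     | 74305
decoder.pkts                               | Total                     | 74307
"""
LOG_ALL_RULES = """\
1/4/2018 -- 08:16:17 - <Info> - (W#01-vio2) Pcap Total:39197 Recv:39197 Drop:0 (0.0%).
1/4/2018 -- 08:16:17 - <Info> - (W#01-vio3) Pcap Total:20970 Recv:6350 Drop:14620 (69.7%).
1/4/2018 -- 08:16:20 - <Notice> - Stats for 'vio2':  pkts: 39104, drop: 0 (0.00%), invalid chksum: 0
1/4/2018 -- 08:16:20 - <Notice> - Stats for 'vio3':  pkts: 400, drop: 14615 (3653.75%), invalid chksum: 0
"""

COUNTER_RE = re.compile(r"^(\S+)\s*\|\s*Total\s*\|\s*(\d+)\s*$", re.M)
PCAP_RE = re.compile(r"\(W#\d+-(\w+)\) Pcap Total:(\d+) Recv:(\d+) Drop:(\d+)")
IFACE_RE = re.compile(r"Stats for '(\w+)':\s+pkts: (\d+), drop: (\d+) \(([\d.]+)%\)")


def parse_counters(stats_text):
    """Return {counter_name: value} for the 'Total' rows of a stats.log table."""
    return {name: int(value) for name, value in COUNTER_RE.findall(stats_text)}


def kernel_drop_pct(counters):
    """Drops as a percentage of packets the kernel saw.

    The runs without drops in the post have no capture.kernel_drops row,
    so a missing counter is treated as zero.
    """
    total = counters.get("capture.kernel_packets", 0)
    drops = counters.get("capture.kernel_drops", 0)
    return round(100.0 * drops / total, 2) if total else 0.0


def per_interface(log_text):
    """Collect per-interface figures from the shutdown lines of suricata.log."""
    out = {}
    for iface, total, _recv, drop in PCAP_RE.findall(log_text):
        total, drop = int(total), int(drop)
        out[iface] = {
            "pcap_total": total,
            "pcap_drop": drop,
            # Same denominator as the percentage printed on the Pcap line.
            "pcap_drop_pct": round(100.0 * drop / total, 1) if total else 0.0,
        }
    for iface, pkts, drop, reported in IFACE_RE.findall(log_text):
        pkts, drop = int(pkts), int(drop)
        entry = out.setdefault(iface, {})
        entry["pkts"] = pkts
        entry["reported_pct"] = float(reported)
        # Dividing by processed packets reproduces the printed figure,
        # which is why it can exceed 100% when most traffic is dropped.
        entry["drop_over_pkts_pct"] = round(100.0 * drop / pkts, 2) if pkts else 0.0
    return out


def lossy_interfaces(log_text, threshold_pct=1.0):
    """Interfaces whose pcap drop percentage exceeds the threshold."""
    stats = per_interface(log_text)
    return sorted(i for i, s in stats.items()
                  if s.get("pcap_drop_pct", 0.0) > threshold_pct)


if __name__ == "__main__":
    print("all rules:", kernel_drop_pct(parse_counters(STATS_ALL_RULES)), "%")
    print("no rules: ", kernel_drop_pct(parse_counters(STATS_NO_RULES)), "%")
    for iface, s in sorted(per_interface(LOG_ALL_RULES).items()):
        print(iface, s)
    print("lossy:", lossy_interfaces(LOG_ALL_RULES))
```

The 'Stats for' percentage in these logs matches drop divided by pkts, so the Pcap line or the stats.log counters are the figures to compare between runs.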

