[Oisf-users] traffic doesn't forward suricata and netmap.
Fatih USTA
fatihusta86 at gmail.com
Mon Jan 15 14:07:56 UTC 2018
Hi
I'm working on Suricata with netmap.
I built Suricata 4.0.3 with netmap on CentOS 7 (kernel 3.10.xx).
I disabled rx/tx and lro/gro:
ethtool -K ens15f0 lro off gro off
ethtool -K ens15f1 lro off gro off
ethtool -A ens15f0 rx off tx off
ethtool -A ens15f1 rx off tx off
Traffic does not forward when I start suricata.
From 10.1.8.2 icmp_seq=18 Destination Host Unreachable
From 10.1.8.2 icmp_seq=19 Destination Host Unreachable
Any idea? Thank you for your help.
*my suricata config*
netmap:
  - inteface: default
  - interface: ens15f0
    copy-iface: ens15f1
    copy-mode: ips
    disable-promisc: no
    checksum-checks: auto
    threads: auto
  - interface: ens15f1
    copy-iface: ens15f0
    copy-mode: ips
    disable-promisc: no
    checksum-checks: auto
    threads: auto
*Kernel Modules*
[root@centos7 ~]# lsmod | grep netmap
netmap 154288 2 igb,ixgbe
*Build INFO*
[root@centos7 ~]# suricata --build-info
This is Suricata version 4.0.3 RELEASE
Features: NFQ PCAP_SET_BUFF AF_PACKET NETMAP HAVE_PACKET_FANOUT
LIBCAP_NG LIBNET1.1 HAVE_HTP_URI_NORMALIZE_HOOK PCRE_JIT HAVE_NSS
HAVE_LUA HAVE_LIBJANSSON TLS MAGIC
SIMD support: none
Atomic intrisics: 1 2 4 8 byte(s)
64-bits, Little-endian architecture
GCC version 4.8.5 20150623 (Red Hat 4.8.5-16), C version 199901
compiled with _FORTIFY_SOURCE=2
L1 cache line size (CLS)=64
thread local storage method: __thread
compiled with LibHTP v0.5.25, linked against LibHTP v0.5.25
Suricata Configuration:
AF_PACKET support: yes
PF_RING support: no
NFQueue support: yes
NFLOG support: yes
IPFW support: no
Netmap support: yes
DAG enabled: no
Napatech enabled: no
Unix socket enabled: yes
Detection enabled: yes
Libmagic support: yes
libnss support: yes
libnspr support: yes
libjansson support: yes
hiredis support: yes
hiredis async with libevent: yes
Prelude support: yes
PCRE jit: yes
LUA support: yes
libluajit: no
libgeoip: yes
Non-bundled htp: no
Old barnyard2 support: no
CUDA enabled: no
Hyperscan support: no
Libnet support: yes
Rust support (experimental): no
Experimental Rust parsers: no
Rust strict mode: no
Suricatasc install: yes
Profiling enabled: no
Profiling locks enabled: no
Development settings:
Coccinelle / spatch: no
Unit tests enabled: no
Debug output enabled: no
Debug validation enabled: no
Generic build parameters:
Installation prefix: /usr
Configuration directory: /etc/suricata/
Log directory: /var/log/suricata/
--prefix /usr
--sysconfdir /etc
--localstatedir /var
Host: x86_64-redhat-linux-gnu
Compiler: gcc -std=gnu99 (exec name) /
gcc (real)
GCC Protect enabled: yes
GCC march native enabled: no
GCC Profile enabled: no
Position Independent Executable enabled: yes
CFLAGS -O2 -g -pipe -Wall
-Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong
--param=ssp-buffer-size=4 -grecord-gcc-switches -m64 -mtune=generic
PCAP_CFLAGS
SECCFLAGS -fstack-protector
-D_FORTIFY_SOURCE=2 -Wformat -Wformat-security
--
Fatih USTA