[Oisf-users] traffic doesn't forward suricata and netmap.

Victor Julien lists at inliniac.net
Mon Jan 15 14:14:30 UTC 2018


On 15-01-18 15:07, Fatih USTA wrote:
> Hi
> 
> I'm working on suricata with netmap.
> 
> I built suricata 4.0.3 with netmap on centos 7 (kernel 3.10.xx).
> 
> I disabled rx/tx and lro/gro
> 
> ethtool -K ens15f0 lro off gro off
> ethtool -K ens15f1 lro off gro off
> 
> ethtool -A ens15f0 rx off tx off
> ethtool -A ens15f1 rx off tx off
> 
> Traffic does not forward when I start suricata.
> 
> From 10.1.8.2 icmp_seq=18 Destination Host Unreachable
> From 10.1.8.2 icmp_seq=19 Destination Host Unreachable
> 
> Any idea? Thank you for your help.
> 
> *my suricata config*
> 
> netmap:
> - inteface: default
> 
>  - interface: ens15f0
>    copy-iface: ens15f1
>    copy-mode: ips
>    disable-promisc: no
>    checksum-checks: auto
>    threads: auto
> 
>  - interface: ens15f1
>    copy-iface: ens15f0
>    copy-mode: ips
>    disable-promisc: no
>    checksum-checks: auto
>    threads: auto
> 
> *Kernel Modules*
> 
> [root@centos7 ~]# lsmod | grep netmap
> netmap                154288  2 igb,ixgbe
> 
> *Build INFO*
> [root@centos7 ~]# suricata --build-info
> This is Suricata version 4.0.3 RELEASE
> Features: NFQ PCAP_SET_BUFF AF_PACKET NETMAP HAVE_PACKET_FANOUT
> LIBCAP_NG LIBNET1.1 HAVE_HTP_URI_NORMALIZE_HOOK PCRE_JIT HAVE_NSS
> HAVE_LUA HAVE_LIBJANSSON TLS MAGIC
> SIMD support: none
> Atomic intrisics: 1 2 4 8 byte(s)
> 64-bits, Little-endian architecture
> GCC version 4.8.5 20150623 (Red Hat 4.8.5-16), C version 199901
> compiled with _FORTIFY_SOURCE=2
> L1 cache line size (CLS)=64
> thread local storage method: __thread
> compiled with LibHTP v0.5.25, linked against LibHTP v0.5.25
> 
> Suricata Configuration:
>   AF_PACKET support:                       yes
>   PF_RING support:                         no
>   NFQueue support:                         yes
>   NFLOG support:                           yes
>   IPFW support:                            no
>   Netmap support:                          yes
>   DAG enabled:                             no
>   Napatech enabled:                        no
> 
>   Unix socket enabled:                     yes
>   Detection enabled:                       yes
> 
>   Libmagic support:                        yes
>   libnss support:                          yes
>   libnspr support:                         yes
>   libjansson support:                      yes
>   hiredis support:                         yes
>   hiredis async with libevent:             yes
>   Prelude support:                         yes
>   PCRE jit:                                yes
>   LUA support:                             yes
>   libluajit:                               no
>   libgeoip:                                yes
>   Non-bundled htp:                         no
>   Old barnyard2 support:                   no
>   CUDA enabled:                            no
>   Hyperscan support:                       no
>   Libnet support:                          yes
> 
>   Rust support (experimental):             no
>   Experimental Rust parsers:               no
>   Rust strict mode:                        no
> 
>   Suricatasc install:                      yes
> 
>   Profiling enabled:                       no
>   Profiling locks enabled:                 no
> 
> Development settings:
>   Coccinelle / spatch:                     no
>   Unit tests enabled:                      no
>   Debug output enabled:                    no
>   Debug validation enabled:                no
> 
> Generic build parameters:
>   Installation prefix:                     /usr
>   Configuration directory:                 /etc/suricata/
>   Log directory:                           /var/log/suricata/
> 
>   --prefix                                 /usr
>   --sysconfdir                             /etc
>   --localstatedir                          /var
> 
>   Host:                                    x86_64-redhat-linux-gnu
>   Compiler:                                gcc -std=gnu99 (exec name) /
> gcc (real)
>   GCC Protect enabled:                     yes
>   GCC march native enabled:                no
>   GCC Profile enabled:                     no
>   Position Independent Executable enabled: yes
>   CFLAGS                                   -O2 -g -pipe -Wall
> -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong
> --param=ssp-buffer-size=4 -grecord-gcc-switches   -m64 -mtune=generic
>   PCAP_CFLAGS                              
>   SECCFLAGS                                -fstack-protector
> -D_FORTIFY_SOURCE=2 -Wformat -Wformat-security
> 

Can you share your command line and the output when '-vvv' is added to it?

-- 
---------------------------------------------
Victor Julien
http://www.inliniac.net/
PGP: http://www.inliniac.net/victorjulien.asc
---------------------------------------------



