[Oisf-users] Packet Fanout on CentOS 7?
Cloherty, Sean E
scloherty at mitre.org
Sun Nov 17 01:45:19 UTC 2019
After taking the Advanced Deployment and Architecture class I was fired up with ideas for improvements in my own environment. I want to use the cluster_qm mode and match worker/CPUs/RSS queues in CentOS 7. Has anyone been able to get this working on CentOS 7 or should I start migrating to CentOS 8? The kernel is 3.10.0-1062.4.1.el7.x86_64, running Suricata 5.0.0 and I was able to set the hash key and the hash functions correctly (I think) -
RSS hash key:
6d:5a:6d:5a:6d:5a:6d:5a:6d:5a:6d:5a:6d:5a:6d:5a:6d:5a:6d:5a:6d:5a:6d:5a:6d:5a:6d:5a:6d:5a:6d:5a:6d:5a:6d:5a:6d:5a:6d:5a
RSS hash function:
toeplitz: on
xor: off
crc32: off
When I start Suricata all the messages look good until it gets to AFP when it gives me the message -
7/11/2019 -- 14:10:43 - <Notice> - all 16 packet processing threads, 4 management threads initialized, engine started.
7/11/2019 -- 14:10:43 - <Error> - [ERRCODE: SC_ERR_AFP_CREATE(190)] - Couldn't set fanout mode, error Invalid argument
7/11/2019 -- 14:10:43 - <Error> - [ERRCODE: SC_ERR_AFP_CREATE(190)] - Couldn't init AF_PACKET socket, fatal error
7/11/2019 -- 14:10:43 - <Error> - [ERRCODE: SC_ERR_FATAL(171)] - thread W#01-ens1f1 failed
I did take a look at the test script "can-i-use-afpacket-fanout" but my sensors have no internet connection so I am not able to use it via Go. Is there another way to run this if I download it manually?
Thanks,
Sean
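
An offline way to check which AF_PACKET fanout modes the running kernel accepts, added here as an example and not part of the original post or of the can-i-use-afpacket-fanout tool: it sets PACKET_FANOUT for each Suricata cluster-type on a throwaway socket and reports EINVAL, the "Invalid argument" in the log above, as unsupported. The function names, verdict strings and PID-derived group id are assumptions of this example; it uses only the Python standard library and needs root (CAP_NET_RAW) to give a real answer.

```python
import errno
import os
import socket

# Values from <linux/socket.h>, <linux/if_packet.h> and <linux/if_ether.h>.
SOL_PACKET, PACKET_FANOUT, ETH_P_ALL = 263, 18, 0x0003
# Suricata cluster-type names, indexed by kernel PACKET_FANOUT_* mode number
# (HASH=0, LB=1, CPU=2, ROLLOVER=3, RND=4, QM=5).
CLUSTER_TYPES = ["cluster_flow", "cluster_round_robin", "cluster_cpu",
                 "cluster_rollover", "cluster_random", "cluster_qm"]

def fanout_arg(group_id, mode):
    """Pack the PACKET_FANOUT option value: group id in the low 16 bits, mode above."""
    return (group_id & 0xFFFF) | (mode << 16)

def classify(err):
    """Map a socket()/setsockopt() errno to a short verdict string."""
    if err == errno.EINVAL:
        return "unsupported"   # what Suricata logs as "Invalid argument"
    if err in (errno.EPERM, errno.EACCES):
        return "need-root"     # AF_PACKET sockets require CAP_NET_RAW
    return "error:" + errno.errorcode.get(err, str(err))

def probe(group_id=None):
    """Try each fanout mode on a fresh AF_PACKET socket; return {name: verdict}."""
    if not hasattr(socket, "AF_PACKET"):
        return dict((name, "not-linux") for name in CLUSTER_TYPES)
    # Assumption: the PID-derived group id does not collide with a live cluster-id.
    gid = os.getpid() if group_id is None else group_id
    results = {}
    for mode, name in enumerate(CLUSTER_TYPES):
        sock = None
        try:
            # A non-zero protocol makes the socket "running", which fanout requires.
            sock = socket.socket(socket.AF_PACKET, socket.SOCK_RAW, socket.htons(ETH_P_ALL))
            sock.setsockopt(SOL_PACKET, PACKET_FANOUT, fanout_arg(gid, mode))
            results[name] = "supported"
        except (OSError, IOError) as exc:
            results[name] = classify(exc.errno)
        finally:
            if sock is not None:
                sock.close()
    return results

if __name__ == "__main__":
    for name, verdict in sorted(probe().items()):
        print("%-20s %s" % (name, verdict))
```

The packet(7) man page lists PACKET_FANOUT_QM as available since Linux 3.14; whether a vendor 3.10 kernel carries it is what the cluster_qm line of the output shows.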