[Oisf-users] Suricata causes massive packet loss
Nelson, Cooper
cnelson at ucsd.edu
Thu Sep 5 16:56:01 UTC 2019
Good catch Mr. Manev! This means he is not using the autofp runmode, which is recommend for inline deployments.
-Coop
-----Original Message-----
From: Peter Manev <petermanev at gmail.com>
Sent: Thursday, September 5, 2019 12:20 AM
To: Nelson, Cooper <cnelson at ucsd.edu>
Cc: peter.mueller at ipfire.org; oisf-users at lists.openinfosecfoundation.org; IPFire: Development-List <development at lists.ipfire.org>
Subject: Re: [Oisf-users] Suricata causes massive packet loss
Hi Peter,
I also noticed a couple of things that i think could be tried out to see if they improve the situation:
- use rust, some of the major protos (like dns) have rust implementation
- use libhtp v0.5.30 , noticed your current one is v0.5.28
What exactly is your setup/start commands etc?
I noticed in your log -
tcp.pkt_on_wrong_thread | Total
| 30622
Thank you
More information about the Oisf-users
mailing list