Actions
Bug #1206
closedZC pf_ring not working with Suricata 2.0.1 (or latest git)
Affected Versions:
Effort:
Difficulty:
Label:
Description
NOTE - Some of the errors in this bug report can be related as well to:
https://redmine.openinfosecfoundation.org/issues/1048
I have tried the latest (at the time of this ticket) 3.21 intel ixgbe drivers , plus pf_ring latest 6.0.2~ svn edition and ZC with the following config:
pfring:
- interface: zc:eth3@0
# Number of receive threads (>1 will enable experimental flow pinned
# runmode)
threads: 1
# Default clusterid. PF_RING will load balance packets based on flow.
# All threads/processes that will participate need to have the same
# clusterid.
#cluster-id: 99
# Default PF_RING cluster type. PF_RING can load balance per flow
or per hash.
# This is only supported in versions of PF_RING > 4.1.1.
cluster-type: cluster_flow
# bpf filter for this interface
#bpf-filter: tcp
# Choose checksum verification mode for the interface. At the moment
# of the capture, some packets may be with an invalid checksum due to
# offloading to the network card of the checksum computation.
# Possible values are:
# - rxonly: only compute checksum for packets received by network card.
# - yes: checksum validation is forced
# - no: checksum validation is disabled
# - auto: suricata uses a statistical approach to detect when
# checksum off-loading is used. (default)
# Warning: 'checksum-validation' must be set to yes to have any validation
#checksum-checks: auto
# Second interface
#- interface: eth1
# threads: 3
# cluster-id: 93
# cluster-type: cluster_flow
# Put default values here
#- interface: default
#threads: 2
- interface: zc:eth3@1
threads: 1
- interface: zc:eth3@2
threads: 1
- interface: zc:eth3@3
threads: 1
- interface: zc:eth3@4
threads: 1
- interface: zc:eth3@5
threads: 1
- interface: zc:eth3@6
threads: 1
- interface: zc:eth3@7
threads: 1
- interface: zc:eth3@8
threads: 1
- interface: zc:eth3@9
threads: 1
- interface: zc:eth3@10
threads: 1
- interface: zc:eth3@11
threads: 1
- interface: zc:eth3@12
threads: 1
- interface: zc:eth3@13
threads: 1
- interface: zc:eth3@14
threads: 1
- interface: zc:eth3@15
threads: 1
I have the following warnings and errs and a failure to start in general with ZC:
29278] 10/6/2014 -- 14:18:37 - (util-threshold-config.c:1202) <Info> (SCThresholdConfParseFile) -- Threshold config parsed: 0 rule(s) found [29278] 10/6/2014 -- 14:18:37 - (util-coredump-config.c:122) <Info> (CoredumpLoadConfig) -- Core dump size set to unlimited. [29278] 10/6/2014 -- 14:18:37 - (util-logopenfile.c:209) <Info> (SCConfLogOpenGeneric) -- eve-log output device (regular) initialized: eve.json [29278] 10/6/2014 -- 14:18:37 - (output-json.c:471) <Info> (OutputJsonInitCtx) -- returning output_ctx 0xa3a15c30 [29278] 10/6/2014 -- 14:18:37 - (runmodes.c:672) <Info> (RunModeInitializeOutputs) -- enabling 'eve-log' module 'alert' [29278] 10/6/2014 -- 14:18:37 - (runmodes.c:672) <Info> (RunModeInitializeOutputs) -- enabling 'eve-log' module 'http' [29278] 10/6/2014 -- 14:18:37 - (runmodes.c:672) <Info> (RunModeInitializeOutputs) -- enabling 'eve-log' module 'dns' [29278] 10/6/2014 -- 14:18:37 - (runmodes.c:672) <Info> (RunModeInitializeOutputs) -- enabling 'eve-log' module 'ssh' [29278] 10/6/2014 -- 14:18:37 - (util-device.c:153) <Info> (LiveBuildDeviceList) -- Adding interface zc:eth3@0 from config file [29278] 10/6/2014 -- 14:18:37 - (util-device.c:153) <Info> (LiveBuildDeviceList) -- Adding interface zc:eth3@1 from config file [29278] 10/6/2014 -- 14:18:37 - (util-device.c:153) <Info> (LiveBuildDeviceList) -- Adding interface zc:eth3@2 from config file [29278] 10/6/2014 -- 14:18:37 - (util-device.c:153) <Info> (LiveBuildDeviceList) -- Adding interface zc:eth3@3 from config file [29278] 10/6/2014 -- 14:18:37 - (util-device.c:153) <Info> (LiveBuildDeviceList) -- Adding interface zc:eth3@4 from config file [29278] 10/6/2014 -- 14:18:37 - (util-device.c:153) <Info> (LiveBuildDeviceList) -- Adding interface zc:eth3@5 from config file [29278] 10/6/2014 -- 14:18:37 - (util-device.c:153) <Info> (LiveBuildDeviceList) -- Adding interface zc:eth3@6 from config file [29278] 10/6/2014 -- 14:18:37 - (util-device.c:153) <Info> (LiveBuildDeviceList) -- Adding interface zc:eth3@7 from config file [29278] 10/6/2014 -- 14:18:37 - (util-device.c:153) <Info> (LiveBuildDeviceList) -- Adding interface zc:eth3@8 from config file [29278] 10/6/2014 -- 14:18:37 - (util-device.c:153) <Info> (LiveBuildDeviceList) -- Adding interface zc:eth3@9 from config file [29278] 10/6/2014 -- 14:18:37 - (util-device.c:153) <Info> (LiveBuildDeviceList) -- Adding interface zc:eth3@10 from config file [29278] 10/6/2014 -- 14:18:37 - (util-device.c:153) <Info> (LiveBuildDeviceList) -- Adding interface zc:eth3@11 from config file [29278] 10/6/2014 -- 14:18:37 - (util-device.c:153) <Info> (LiveBuildDeviceList) -- Adding interface zc:eth3@12 from config file [29278] 10/6/2014 -- 14:18:37 - (util-device.c:153) <Info> (LiveBuildDeviceList) -- Adding interface zc:eth3@13 from config file [29278] 10/6/2014 -- 14:18:37 - (util-device.c:153) <Info> (LiveBuildDeviceList) -- Adding interface zc:eth3@14 from config file [29278] 10/6/2014 -- 14:18:37 - (util-device.c:153) <Info> (LiveBuildDeviceList) -- Adding interface zc:eth3@15 from config file [29278] 10/6/2014 -- 14:18:37 - (runmode-pfring.c:276) <Error> (ParsePfringConfig) -- [ERRCODE: SC_ERR_INVALID_ARGUMENT(13)] - Could not get cluster-id from config [29278] 10/6/2014 -- 14:18:37 - (runmode-pfring.c:332) <Info> (ParsePfringConfig) -- Using flow cluster mode for PF_RING (iface zc:eth3@0) [29278] 10/6/2014 -- 14:18:37 - (util-runmodes.c:558) <Info> (RunModeSetLiveCaptureWorkersForDevice) -- Going to use 1 thread(s) [29280] 10/6/2014 -- 14:18:37 - (source-pfring.c:485) <Error> (ReceivePfringThreadInit) -- [ERRCODE: SC_ERR_PF_RING_SET_CLUSTER_FAILED(37)] - pfring_set_cluster returne d -7 for cluster-id: 1 [29278] 10/6/2014 -- 14:18:37 - (runmode-pfring.c:276) <Error> (ParsePfringConfig) -- [ERRCODE: SC_ERR_INVALID_ARGUMENT(13)] - Could not get cluster-id from config [29278] 10/6/2014 -- 14:18:37 - (runmode-pfring.c:319) <Error> (ParsePfringConfig) -- [ERRCODE: SC_ERR_GET_CLUSTER_TYPE_FAILED(35)] - Could not get cluster-type fron co nfig [29278] 10/6/2014 -- 14:18:37 - (util-runmodes.c:558) <Info> (RunModeSetLiveCaptureWorkersForDevice) -- Going to use 1 thread(s) [29281] 10/6/2014 -- 14:18:37 - (source-pfring.c:485) <Error> (ReceivePfringThreadInit) -- [ERRCODE: SC_ERR_PF_RING_SET_CLUSTER_FAILED(37)] - pfring_set_cluster returne d -7 for cluster-id: 1 [29278] 10/6/2014 -- 14:18:37 - (runmode-pfring.c:276) <Error> (ParsePfringConfig) -- [ERRCODE: SC_ERR_INVALID_ARGUMENT(13)] - Could not get cluster-id from config [29278] 10/6/2014 -- 14:18:37 - (runmode-pfring.c:319) <Error> (ParsePfringConfig) -- [ERRCODE: SC_ERR_GET_CLUSTER_TYPE_FAILED(35)] - Could not get cluster-type fron co nfig [29278] 10/6/2014 -- 14:18:37 - (util-runmodes.c:558) <Info> (RunModeSetLiveCaptureWorkersForDevice) -- Going to use 1 thread(s) [29282] 10/6/2014 -- 14:18:37 - (source-pfring.c:485) <Error> (ReceivePfringThreadInit) -- [ERRCODE: SC_ERR_PF_RING_SET_CLUSTER_FAILED(37)] - pfring_set_cluster returne d -7 for cluster-id: 1 [29278] 10/6/2014 -- 14:18:37 - (runmode-pfring.c:276) <Error> (ParsePfringConfig) -- [ERRCODE: SC_ERR_INVALID_ARGUMENT(13)] - Could not get cluster-id from config [29278] 10/6/2014 -- 14:18:37 - (runmode-pfring.c:319) <Error> (ParsePfringConfig) -- [ERRCODE: SC_ERR_GET_CLUSTER_TYPE_FAILED(35)] - Could not get cluster-type fron co nfig [29278] 10/6/2014 -- 14:18:37 - (util-runmodes.c:558) <Info> (RunModeSetLiveCaptureWorkersForDevice) -- Going to use 1 thread(s) ...
Actions