Bug #1390
closedsuricatasc return empty iface-stat.pkts in IPS nfqueue mode
Description
Hi,
I'am running suricata in IPS mode with nfqueue on GNU/Linux, I'am trying to get some counters
in order to draw nice graph with munin, but suricatasc return empty iface-stat.pkts :
- PYTHONPATH=/usr/lib/python2.7/site-packages suricatasc
Command list: shutdown, command-list, help, version, uptime, running-mode, capture-mode, conf-get, dump-counters, iface-stat, iface-list, quit
version
Success:
"2.0.6 RELEASE"
iface-list
Success:
{
"count": 2,
"ifaces": [
"0",
"1"
]
}
iface-stat 0
Success:
{
"drop": 0,
"invalid-checksums": 0,
"pkts": 0
}
[/code]
Suricata is processing packets and working but pkts value is not updated.
- cat /proc/net/netfilter/nfnetlink_queue
0 15214 0 2 65531 0 0 97427 1
[/code]
...
[code]- cat /proc/net/netfilter/nfnetlink_queue
0 15214 0 2 65531 0 0 101646 1
[/code]
Packet are processed because the packet id of last packet is updated.
I'am running Suricata STABLE on Debian GNU/Linux :
[code]- suricata --build-info
This is Suricata version 2.0.6 RELEASE
Features: NFQ PCAP_SET_BUFF LIBPCAP_VERSION_MAJOR=1 AF_PACKET HAVE_PACKET_FANOUT LIBCAP_NG LIBNET1.1 HAVE_HTP_URI_NORMALIZE_HOOK PCRE_JIT HAVE_NSS HAVE_LUA HAVE_LUAJIT HAVE_LIBJANSSON
SIMD support: SSE_3
Atomic intrisics: 1 2 4 8 byte(s)
32-bits, Little-endian architecture
GCC version 4.7.2, C version 199901
compiled with -fstack-protector
compiled with _FORTIFY_SOURCE=2
L1 cache line size (CLS)=64
compiled with LibHTP v0.5.16, linked against LibHTP v0.5.16
Suricata Configuration:
AF_PACKET support: yes
PF_RING support: no
NFQueue support: yes
NFLOG support: no
IPFW support: no
DAG enabled: no
Napatech enabled: no
Unix socket enabled: yes
Detection enabled: yes
libnss support: yes
libnspr support: yes
libjansson support: yes
Prelude support: no
PCRE jit: yes
LUA support: yes
libluajit: yes
libgeoip: yes
Non-bundled htp: no
Old barnyard2 support: no
CUDA enabled: no
Suricatasc install: yes
Unit tests enabled: no
Debug output enabled: no
Debug validation enabled: no
Profiling enabled: no
Profiling locks enabled: no
Coccinelle / spatch: no
Generic build parameters:
Installation prefix (--prefix): /usr
Configuration directory (--sysconfdir): /etc/suricata/
Log directory (--localstatedir) : /var/log/suricata/
Host: i686-pc-linux-gnu
GCC binary: gcc
GCC Protect enabled: yes
GCC march native enabled: yes
GCC Profile enabled: no
[/code]
Best Regards,
Updated by Victor Julien over 9 years ago
- Target version set to TBD
Such stats simply aren't implemented.
Related to #1116.
Updated by Andreas Herz over 5 years ago
- Status changed from New to Closed
Hi, we're closing this issue since there have been no further responses.
If you think this bug is still relevant, try to test it again with the
most recent version of suricata and reopen the issue. If you want to
improve the bug report please take a look at
https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Reporting_Bugs