Bug #1556: MTU setting on NIC interface not considered by af-packet - Suricata - Open Information Security Foundation

Actions

Copy link

Bug #1556

closed

MTU setting on NIC interface not considered by af-packet

Added by Peter Manev about 9 years ago. Updated over 7 years ago.

Status:

Closed

Priority:

Normal

Assignee:

Eric Leblond

Target version:

3.0RC1

Affected Versions:

Effort:

Difficulty:

Label:

Description

When manually changed the MTU if the interface (eth0) to 2800 - just for a test purpose:


root@LTS-64-1:~ # ifconfig
docker0   Link encap:Ethernet  HWaddr 02:42:33:a5:fe:b7
          inet addr:172.17.42.1  Bcast:0.0.0.0  Mask:255.255.0.0
          UP BROADCAST MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

eth0      Link encap:Ethernet  HWaddr 08:00:27:bf:4f:8a
          inet addr:10.0.2.15  Bcast:10.0.2.255  Mask:255.255.255.0
          inet6 addr: fe80::a00:27ff:febf:4f8a/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  *MTU:2800*  Metric:1
          RX packets:28636 errors:0 dropped:0 overruns:0 frame:0
          TX packets:17366 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:18405349 (18.4 MB)  TX bytes:2638374 (2.6 MB)

but when Suri is started ...it seems af-packet is still using 1500 as the
packet size - aka not taking the MTU into account when no explicit
setting is defined in suricata.yaml :

23:01:43 - (flow-manager.c:881) <Info>
(FlowRecyclerThreadSpawn) -- using 1 flow recycler threads
23:01:43 - (tm-threads.c:2001) <Notice>
(TmThreadWaitOnThreadInit) -- all 2 packet processing threads, 4
management threads initialized, engine started.
23:01:43 - (source-af-packet.c:1365) <Info>
(AFPComputeRingParams) -- AF_PACKET RX Ring params: block_size=32768
block_nr=103 frame_size=1584 frame_nr=2060
23:01:43 - (source-af-packet.c:1573) <Info>
(AFPCreateSocket) -- Using interface 'eth0' via socket 7
23:01:43 - (source-af-packet.c:1157) <Info>
(ReceiveAFPLoop) -- Thread AFPacketeth01 using socket 7
23:01:43 - (source-af-packet.c:1365) <Info>
(AFPComputeRingParams) -- AF_PACKET RX Ring params: block_size=32768
block_nr=103 frame_size=1584 frame_nr=2060
23:01:43 - (source-af-packet.c:1573) <Info>
(AFPCreateSocket) -- Using interface 'eth0' via socket 8
23:01:43 - (source-af-packet.c:454) <Info>
(AFPPeersListReachedInc) -- All AFP capture threads are running.

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

Suricata

Custom queries

Bug #1556

MTU setting on NIC interface not considered by af-packet

Updated by Alexander Gozman about 9 years ago

Updated by Eric Leblond almost 9 years ago

Updated by Eric Leblond almost 9 years ago

Updated by Kristopher Kolpin over 7 years ago