Actions
Support #2997
closedIPS AF_Packet mode and decoder invalid
Affected Versions:
Label:
Description
When using Suricata in IPS AF_Packet mode with "threads: 1" in interfaces configs the latency is quite big (+ from 30 to 100+ in ICMP). If I use "threads: >1" (both interfaces), I got "decoder invalid" parameter is growing very fast. Suricata build 2019040702-0stamus0, kernel: Linux SELKS 4.9.0-9-amd64 #1 SMP Debian 4.9.168-1+deb9u2 (2019-05-13) x86_64 GNU/Linux.
Updated by Leonid Inodin over 5 years ago
Seems that using "defrag:no" parameter in config file solves thuis problem.
Updated by Victor Julien over 5 years ago
- Related to Bug #1778: af_packet: IPS and defrag added
Updated by Andreas Herz over 5 years ago
- Assignee set to Community Ticket
- Target version set to TBD
Can you tell us a bit more about your setup, especially the hardware (NIC)?
What type of traffic it is as well?
Updated by Victor Julien over 5 years ago
- Status changed from New to Closed
- Target version deleted (
TBD)
Actions