Bug #3386
[closed] Suricata is unable to get MTU from NIC after 4.1.0
Description
Since the changes in 4474889667d664a66c1c123f4f7d2756e8a7fbb9 the live_devices list in util-device.h is not ready in time for the automatic MTU detection in suricata.c, which relies on LiveGetDeviceCount().
This causes the count to always return 0, and suricata will then silently use the default 1500 + ethernet header as default-packet-size. Reverting this commit fixes the issue, and allows suricata to use the NIC MTU as default-packet-size.
4.1.5:
(gdb) list suricata.c:2519
2514            /* fall through */
2515        case RUNMODE_PCAP_DEV:
2516        case RUNMODE_AFP_DEV:
2517        case RUNMODE_PFRING:
2518            nlive = LiveGetDeviceCount();
2519            for (lthread = 0; lthread < nlive; lthread++) {
2520                const char *live_dev = LiveGetDeviceName(lthread);
2521                char dev[128]; /* need to be able to support GUID names on Windows */
2522                (void)strlcpy(dev, live_dev, sizeof(dev));
2523
(gdb) br suricata.c:2518
Breakpoint 1 at 0x15c27: file suricata.c, line 2518.
(gdb) run
<snip>
Breakpoint 1, ConfigGetCaptureValue (suri=<optimized out>, suri=<optimized out>) at suricata.c:2518
2518            nlive = LiveGetDeviceCount();
Missing separate debuginfos, use: debuginfo-install glibc-2.17-292.el7.x86_64 jansson-2.10-1.el7.x86_64 libyaml-0.1.4-11.el7_0.x86_64 pcre-8.32-17.el7.x86_64 zlib-1.2.7-18.el7.x86_64
(gdb) p LiveGetDeviceCount()
$1 = 0
4.1.5 with reverted commit:
(gdb) list suricata.c:2527
2522            /* fall through */
2523        case RUNMODE_PCAP_DEV:
2524        case RUNMODE_AFP_DEV:
2525        case RUNMODE_PFRING:
2526            nlive = LiveGetDeviceCount();
2527            for (lthread = 0; lthread < nlive; lthread++) {
2528                const char *live_dev = LiveGetDeviceName(lthread);
2529                char dev[128]; /* need to be able to support GUID names on Windows */
2530                (void)strlcpy(dev, live_dev, sizeof(dev));
2531
(gdb) br suricata.c:2526
Breakpoint 1 at 0x15c07: file suricata.c, line 2526.
(gdb) run
<snip>
Breakpoint 1, ConfigGetCaptureValue (suri=<optimized out>, suri=<optimized out>) at suricata.c:2526
2526            nlive = LiveGetDeviceCount();
Missing separate debuginfos, use: debuginfo-install glibc-2.17-292.el7.x86_64 jansson-2.10-1.el7.x86_64 libyaml-0.1.4-11.el7_0.x86_64 pcre-8.32-17.el7.x86_64 zlib-1.2.7-18.el7.x86_64
(gdb) p LiveGetDeviceCount()
$1 = 1
I could try fixing this, but I'm not sure what the best approach would be? Perhaps simply create a separate function that counts elements in the pre_live_dev list instead?
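Added example, not part of the original report and not Suricata's code: a minimal C model of the ordering problem described above, in which a packet-size calculation that iterates a "live" device list runs before the registered devices have been moved into it. All function and variable names are hypothetical, the MTU value is constructed, and taking the largest MTU across devices is an assumption of the model.

```c
/* Simplified model of the ordering problem; names are hypothetical, not Suricata's code. */
#include <stdio.h>

#define ETH_HDR_LEN 14                      /* plain Ethernet header, no VLAN tag */
#define FALLBACK_SIZE (1500 + ETH_HDR_LEN)  /* used when no device MTU is known */
#define MAX_DEVS 8
struct dev { const char *name; int mtu; };  /* mtu values are constructed */

static struct dev pending[MAX_DEVS];  /* filled while the config is parsed */
static struct dev live[MAX_DEVS];     /* filled only by finalize_devs() */
static int n_pending, n_live;

static void register_dev(const char *name, int mtu) {
    if (n_pending < MAX_DEVS)
        pending[n_pending++] = (struct dev){ name, mtu };
}

/* Promote every pending device to the live list. */
static void finalize_devs(void) {
    for (int i = 0; i < n_pending && n_live < MAX_DEVS; i++)
        live[n_live++] = pending[i];
    n_pending = 0;
}

static int live_count(void)    { return n_live; }
static int pending_count(void) { return n_pending; }

/* Largest MTU plus header over the live devices (assumed policy). With an
 * empty live list the loop body never runs and the fallback is returned;
 * *fell_back reports that so the caller can log it instead of staying silent. */
static int default_packet_size(int *fell_back) {
    int best = 0;
    for (int i = 0; i < live_count(); i++)
        if (live[i].mtu + ETH_HDR_LEN > best)
            best = live[i].mtu + ETH_HDR_LEN;
    *fell_back = (best == 0);
    return best ? best : FALLBACK_SIZE;
}

int main(void) {
    int fb;
    register_dev("eth0", 9000);            /* constructed jumbo-frame NIC */
    int early = default_packet_size(&fb);  /* called before finalize: 1514 */
    if (fb && pending_count() > 0)
        fprintf(stderr, "warning: %d device(s) pending, using fallback %d\n",
                pending_count(), early);
    finalize_devs();
    printf("early=%d late=%d\n", early, default_packet_size(&fb));
    return 0;
}
```

In this model the early call returns the 1514-byte fallback even though a 9000-byte-MTU device is registered, so anything larger than the fallback would not fit the default packet size; the pending-count check is what turns the silent fallback into a visible warning.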