Project

General

Profile

Actions

Bug #4916

open

af-packet: Sending packet failed on socket 20: Message too long

Added by Anonymous almost 3 years ago. Updated over 1 year ago.

Status:
New
Priority:
Normal
Target version:
Affected Versions:
Effort:
Difficulty:
Label:

Description

In the logs he often writes:

[3247] 19/12/2021 -- 11:32:41 - (source-af-packet.c:837) <Warning> (AFPWritePacket) -- [ERRCODE: SC_ERR_SOCKET(200)] - Sending packet failed on socket 20: Message too long
[3263] 19/12/2021 -- 11:33:13 - (source-af-packet.c:837) <Warning> (AFPWritePacket) -- [ERRCODE: SC_ERR_SOCKET(200)] - Sending packet failed on socket 68: Message too long

Launched in the kvm virtual machine

name -a

Linux VM-CK-IPS1 5.10.85-gentoo #1 SMP Wed Dec 15 22:01:04 MSK 2021 x86_64 Intel(R) Xeon(R) CPU E5-1680 v4 @ 3.40GHz GenuineIntel GNU/Linux

suricata --build-info

This is Suricata version 6.0.5-dev (87f04475a 2021-12-14)
Features: PCAP_SET_BUFF AF_PACKET HAVE_PACKET_FANOUT LIBCAP_NG HAVE_HTP_URI_NORMALIZE_HOOK PCRE_JIT HAVE_NSS HTTP2_DECOMPRESSION HAVE_LIBJANSSON TLS TLS_C11 MAGIC RUST 
SIMD support: SSE_4_2 SSE_4_1 SSE_3 
Atomic intrinsics: 1 2 4 8 16 byte(s)
64-bits, Little-endian architecture
GCC version 11.2.0, C version 201112
compiled with _FORTIFY_SOURCE=2
L1 cache line size (CLS)=64
thread local storage method: _Thread_local
compiled with LibHTP v0.5.39, linked against LibHTP v0.5.39

Suricata Configuration:
  AF_PACKET support:                       yes
  eBPF support:                            yes
  XDP support:                             yes
  PF_RING support:                         no
  NFQueue support:                         no
  NFLOG support:                           no
  IPFW support:                            no
  Netmap support:                          no 
  DAG enabled:                             no
  Napatech enabled:                        no
  WinDivert enabled:                       no

  Unix socket enabled:                     yes
  Detection enabled:                       yes

  Libmagic support:                        yes
  libnss support:                          yes
  libnspr support:                         yes
  libjansson support:                      yes
  hiredis support:                         no
  hiredis async with libevent:             no
  Prelude support:                         no
  PCRE jit:                                yes
  LUA support:                             no
  libluajit:                               no
  GeoIP2 support:                          yes
  Non-bundled htp:                         no
  Hyperscan support:                       yes
  Libnet support:                          no
  liblz4 support:                          yes
  HTTP2 decompression:                     yes

  Rust support:                            yes
  Rust strict mode:                        no
  Rust compiler path:                      /usr/bin/rustc
  Rust compiler version:                   rustc 1.57.0 (gentoo)
  Cargo path:                              /usr/bin/cargo
  Cargo version:                           cargo 1.57.0
  Cargo vendor:                            yes

  Python support:                          yes
  Python path:                             /usr/bin/python3
  Python distutils                         yes
  Python yaml                              yes
  Install suricatactl:                     yes
  Install suricatasc:                      yes
  Install suricata-update:                 not bundled

  Profiling enabled:                       no
  Profiling locks enabled:                 no

  Plugin support (experimental):           yes

Development settings:
  Coccinelle / spatch:                     no
  Unit tests enabled:                      no
  Debug output enabled:                    no
  Debug validation enabled:                no

Generic build parameters:
  Installation prefix:                     /usr
  Configuration directory:                 /etc/suricata/
  Log directory:                           /var/log/suricata/

  --prefix                                 /usr
  --sysconfdir                             /etc
  --localstatedir                          /var
  --datarootdir                            /usr/share

  Host:                                    x86_64-pc-linux-gnu
  Compiler:                                gcc (exec name) / g++ (real)
  GCC Protect enabled:                     no
  GCC march native enabled:                yes
  GCC Profile enabled:                     yes
  Position Independent Executable enabled: no
  CFLAGS                                   -g -O2 -std=c11 -pg -march=native -I${srcdir}/../rust/gen -I${srcdir}/../rust/dist
  PCAP_CFLAGS                               
  SECCFLAGS                                

fix script:

ethtool -K enp0s19 tx off sg off gro off gso off lro off tso off
ethtool -K enp0s20 tx off sg off gro off gso off lro off tso off
ethtool -K enp0s21 tx off sg off gro off gso off lro off tso off
ethtool -K enp0s22 tx off sg off gro off gso off lro off tso off
ifconfig enp0s19 mtu 3000
ifconfig enp0s20 mtu 3000
ifconfig enp0s21 mtu 3000
ifconfig enp0s22 mtu 3000
ifconfig enp0s19 up
ifconfig enp0s20 up
ifconfig enp0s21 up
ifconfig enp0s22 up
ethtool -K enp0s19 tx off sg off gro off gso off lro off tso off
ethtool -K enp0s20 tx off sg off gro off gso off lro off tso off
ethtool -K enp0s21 tx off sg off gro off gso off lro off tso off
ethtool -K enp0s22 tx off sg off gro off gso off lro off tso off
ifconfig enp0s19 mtu 3000
ifconfig enp0s20 mtu 3000
ifconfig enp0s21 mtu 3000
ifconfig enp0s22 mtu 3000
rc-service suricata restart


Files

suricata.log (92.2 KB) suricata.log Anonymous, 12/19/2021 09:30 AM
Actions #1

Updated by Anonymous almost 3 years ago

ethtool -k enp0s22

Features for enp0s22:
rx-checksumming: on [fixed]
tx-checksumming: off
        tx-checksum-ipv4: off [fixed]
        tx-checksum-ip-generic: off
        tx-checksum-ipv6: off [fixed]
        tx-checksum-fcoe-crc: off [fixed]
        tx-checksum-sctp: off [fixed]
scatter-gather: off
        tx-scatter-gather: off
        tx-scatter-gather-fraglist: off [fixed]
tcp-segmentation-offload: off
        tx-tcp-segmentation: off
        tx-tcp-ecn-segmentation: off
        tx-tcp-mangleid-segmentation: off
        tx-tcp6-segmentation: off
generic-segmentation-offload: off
generic-receive-offload: off
large-receive-offload: off [fixed]
rx-vlan-offload: off [fixed]
tx-vlan-offload: off [fixed]
ntuple-filters: off [fixed]
receive-hashing: off [fixed]
highdma: on [fixed]
rx-vlan-filter: on [fixed]
vlan-challenged: off [fixed]
tx-lockless: off [fixed]
netns-local: off [fixed]
tx-gso-robust: on [fixed]
tx-fcoe-segmentation: off [fixed]
tx-gre-segmentation: off [fixed]
tx-gre-csum-segmentation: off [fixed]
tx-ipxip4-segmentation: off [fixed]
tx-ipxip6-segmentation: off [fixed]
tx-udp_tnl-segmentation: off [fixed]
tx-udp_tnl-csum-segmentation: off [fixed]
tx-gso-partial: off [fixed]
tx-tunnel-remcsum-segmentation: off [fixed]
tx-sctp-segmentation: off [fixed]
tx-esp-segmentation: off [fixed]
tx-udp-segmentation: off [fixed]
tx-gso-list: off [fixed]
fcoe-mtu: off [fixed]
tx-nocache-copy: off
loopback: off [fixed]
rx-fcs: off [fixed]
rx-all: off [fixed]
tx-vlan-stag-hw-insert: off [fixed]
rx-vlan-stag-hw-parse: off [fixed]
rx-vlan-stag-filter: off [fixed]
l2-fwd-offload: off [fixed]
hw-tc-offload: off [fixed]
esp-hw-offload: off [fixed]
esp-tx-csum-hw-offload: off [fixed]
rx-udp_tunnel-port-offload: off [fixed]
tls-hw-tx-offload: off [fixed]
tls-hw-rx-offload: off [fixed]
rx-gro-hw: on
tls-hw-record: off [fixed]
rx-gro-list: off
macsec-hw-offload: off [fixed]

Actions #2

Updated by Anonymous almost 3 years ago

af-packet:
  - interface: enp0s21
    threads: 16
    defrag: yes
    cluster-type: cluster_ebpf
    ebpf-lb-file: /usr/libexec/suricata/ebpf/lb.bpf
    cluster-id: 98
    copy-mode: ips
    copy-iface: enp0s22
    buffer-size: 64535
    use-mmap: yes
    ring-size: 50000
  - interface: enp0s22
    threads: 16
    cluster-id: 97
    defrag: yes
    cluster-type: cluster_ebpf
    ebpf-lb-file: /usr/libexec/suricata/ebpf/lb.bpf
    copy-mode: ips
    copy-iface: enp0s21
    buffer-size: 64535
    use-mmap: yes
    ring-size: 50000

  - interface: enp0s19
    threads: 16
    defrag: yes
    cluster-type: cluster_ebpf
    ebpf-lb-file: /usr/libexec/suricata/ebpf/lb.bpf
    cluster-id: 96
    copy-mode: ips
    copy-iface: enp0s20
    buffer-size: 64535
    use-mmap: yes
    ring-size: 50000
  - interface: enp0s20
    threads: 16
    cluster-id: 95
    defrag: yes
    cluster-type: cluster_ebpf
    ebpf-lb-file: /usr/libexec/suricata/ebpf/lb.bpf
    copy-mode: ips
    copy-iface: enp0s19
    buffer-size: 64535
    use-mmap: yes
    ring-size: 50000
Actions #3

Updated by Victor Julien almost 3 years ago

  • Description updated (diff)
  • Priority changed from High to Normal
Actions #4

Updated by Victor Julien almost 3 years ago

Can you include Suricata's start up messages when adding -vvv?

Actions #5

Updated by Victor Julien almost 3 years ago

  • Subject changed from Sending packet failed on socket 20: Message too long to af-packet: Sending packet failed on socket 20: Message too long
Actions #6

Updated by Anonymous almost 3 years ago

Actions #7

Updated by Victor Julien over 1 year ago

  • Assignee set to Shivani Bhardwaj
  • Target version set to TBD

@Shivani Bhardwaj one thing we should do is create a better error message. E.g. add the length of the packet we're trying to send.

Actions

Also available in: Atom PDF