Bug #823
closedSending packet failed on socket 5: Message too long
Description
Hi,
A new bug (or problem) again:
These errors are displayed on suricata console when traffic goes to the monitored interface:
[5522] 12/6/2013 -- 16:04:15 - (source-af-packet.c:645) <Warning> (AFPWritePacket) -- [ERRCODE: SC_ERR_SOCKET(200)] - Sending packet failed on socket 5: Message too long
[5522] 12/6/2013 -- 16:04:15 - (tmqh-packetpool.c:280) <Warning> (TmqhOutputPacketpool) -- [ERRCODE: SC_ERR_INVALID_ACTION(142)] - Unable to release packet data
Config:
%YAML 1.1
---
outputs:
af-packet:
- interface: eth1
threads: 1
cluster-id: 99
cluster-type: cluster_flow
defrag: yes
checksum-checks: yes
use-mmap: yes
copy-mode: ips
copy-iface: eth2
- interface: eth2
threads: 1
cluster-id: 98
cluster-type: cluster_flow
defrag: yes
checksum-checks: yes
use-mmap: yes
copy-mode: ips
copy-iface: eth1
default-rule-path: /etc/suricata/rules
rule-files:
- mini.rule
action-order:
- pass
- drop
- reject
- alert
Suricata version: latest 1.4-dev from git
MTU is 1500 on both interfaces.
Some traffic is going through, but I don't know what is dropped.
Laszlo
Files
Updated by Eric Leblond over 11 years ago
Hello this is a duplicate of #812.
Please try with defrag set to no and disable GRO and other off loading things if needed.
Updated by Laszlo Madarassy over 11 years ago
Eric Leblond wrote:
Hello this is a duplicate of #812.
Please try with defrag set to no and disable GRO and other off loading things if needed.
I set defrag to no, but the result is the same.
Updated by Eric Leblond over 11 years ago
I've tried to reproduce the issue without success. Can you apply the attached patch to your suricata and run some tests ? This should displays info about the dropped packet.
Updated by Laszlo Madarassy over 11 years ago
Eric Leblond wrote:
I've tried to reproduce the issue without success. Can you apply the attached patch to your suricata and run some tests ? This should displays info about the dropped packet.
I have applied the patch and saved the output. It seems an ipv6 packet causes the problem.
You can download the full log from here:
http://mik.bme.hu/~lmadarassy/suricata/suricata.log
I have sent this traffic to suricata:
http://mik.bme.hu/~lmadarassy/suricata/eth1.cap
Laszlo
Updated by Eric Leblond over 11 years ago
- Assignee set to Eric Leblond
The decoding of hexdump in scapy gives some interesting result. This is a packet from vmware to cisco and it is IPv4/TCP. As everything is coherent when compared to information found in the pca file, we can conclude we have something weird here.
Among the weirdness and I think as mentioned by Laszlo before the announced IP packet length is 1648 (anf DF flags is set). This is kind of strange for an interface with a MTU of 1500 (if I'm correct). Laszlo can you confirm we have MTU set to 1500 and that all GRO, GSO are disabled on the capture interface ?
Here's the packet print in scapy:
<Ether dst=00:50:56:a7:5d:ad src=00:18:b9:4e:1e:1b type=IPv4 |<IP version=4L ihl=5L tos=0x0 len=1648 id=20583 flags=DF frag=0L ttl=118 proto=tcp chksum=0x7747 src=188.36.159.9 dst=192.168.27.3 options=[] |<TCP sport=26461 dport=27230 seq=3248517057 ack=2608885882 dataofs=5L reserved=0L flags=A window=257 chksum=0x3d3c urgptr=0 options=[] |<Raw load='\xc3G\xc5\xde\xe7-\x87\x82\x10 \xca\xadW/K(T];\x0f\t\x02M\x1e\x0f\x923%\xb7H\x95+\x98\xaa\xc8\x065\xe5\xfa\n9I@S\x90\xc0\xf0\x10+\xfe\x83`\x96\xa4J\xbf\xa5\xea\xbf\xbf\x98 Ya\x80\x85\x02\x18\xfb\xea\x95\x17\x82\x1c\x90\xbeL.\xbe\x9e\xfdV\x9a\xdf\xe8\x12\x00\x80x\x08\x14\xc1\x82\x18\xf8\x03\x81\xbc$\xfc\xbe\x00j\xb0A\x1f\x893\xcaB\x14\x12?\xe2\xef\x01B\xf1\xd6\xfe-\x1e\x0f\x01\x01\xc8\x06\x03j\x89K\xc7\xca\x95\x17d\xbf\xf5\x94\xbe\xfc\x0cI\xcf\xc9\xf5\xf03\xf7\x8b\x87\x93e\x93f\xe5\xb5\xb8\x98L\rB\x18\xfdR\xb5J\xaf\xe2\xbd\xf76I\xd8\xb6\xd65\xa3 S\xfas\xf9g\xdb\x88\x0f\x89S\xd2\xe1quR%\x8f\xc7J\xa5W=K\xff\x04I\xcd\x1a\\\xbf\xf7\xbe>V%\x04/\xab\xa0p\x10\xed\xfc\xf7\xa0\x8f\xff\xc8;\xb9\x1a\xf6u\xe3\xef\x03\x17\t\x10H\xb5X\x97\xe0\x82\x08C\xfb\x82Iz\xa0B\xf5\x8a\xd9\x12\x95yD\x1fO\xde\xa8\xeb\xf7?\xb7\x9b&Ssrv\xe6\xa7\x9a\xf0)\xa3\xb3\xf4\x12=\xf9@7\x85\xe1\x0c\xbb\xe1\x03%U>\\\x08W\xe9\xf2\x81\xfd\xad\xa8\xb30\x94\x10\x04\xbf\te\xc0\x1fG\xff\xf4\xfe\xc9\x15\x97_\xd8\xaa%\xb0F^\x9d\x08E\xfe\x85\xea@\xf0\x95\xf1\xfa\xbf`(\x82\x10\xfb/\xd4\xdciT\x88\xedx@Q-R\xaf\xc2]\xcc\xcfJ#\x7fDU\x1b\xb8\xce\x06j\xda\x8b\x16\x98\xf6m\x96\xf7\r\x01J\xbe\xe6Q\xf7\xcb\xd5\xc1)H\x90\xa0!\xfez\x0f\x15A\xfe*\xfdL^\xaf\x99\x00\xca\xcd\x1f\x08C\xf0e4}\x83\xe5\n\x84\xb5y/\xf8\xaf\xc3\xed\x11\xff\x95@\xf7;<\xd6\xbdU\x96\xcb\xb6\x95=\x9e]\xdc\\\xa1\x81\xab\ra\xb0)\x9b\x96\xeb\xe9\xec.\x85\xd3\x99\xec\x96I.\xb3\xf5\xb6\xd3\xb2E\x12M\xbc\x8d\xdb\xda\x9d\xe0\xc2P5\x06\x1f\x97\x04\n^%{A\xb7\xd2\xdf\xab/\x9fT\x10\x0b\xbd\x1b\xff\xd5\xe2\x92\xfc\x03\x05\xd3\xa4\xe0\xc1\x00\x03\x81\x84\x95BL\xf3\x7fS\xb0\x14#\xc8%\t\x03\xd0e\x84\x8f+\xf8\x1f\xfe/Q\x93l\x8a\xb1\xa8b\xc8\xad\\\xfd\xca\xbd\xd8l\x05p\xf1 \x048\x10\xc4\xa0P\xf9P\x96\xa9U\xff\xe7\xa0\x96]\xf1\xf7\xff\x97\x14\xc5_\x1d\xcf|D\xb6M\x87b\x8f\xb3\xeb8g\x97;v\xb5\xb9\x83.\xcdk#\x11\xb1\x9b\xed\xd4\xd2\x99\xc7\xa6\xd8\xd9\x95\x1b\xb8\xc3k\xd1Vu\xd5N\xb1l\xf3y\xcd\x1c\x91\x00\xa77\xc3\xcd\xfc[\t\xe2\xf8\x8e\x94\x06JE=\x91\xc7:\xf0\x14\xce\xecQ\xa2/\xe6.qW\'\xf0\x0br\x90\x17xu?k#Q(\xbb3{\xb7\xfb=i\x85Jh\xb2\xe6\x1f\nx\x95\x82:\xc1X\xfb\x87\x87\xd6\xc5uKQ\xab\x17\xae.\xac\xe2B)\xe0\x9f\xe1 \x14\xeb\xae\xaa\xb9in\xd2a\xf7\xf5fi\xffA\xe3\x15\x83\xa5\xd2\xdc\x99\xc6\xe3\\F-\xf3b\xc5c\x10)\xaa\xb5\x17\xbe\xdcJ\xd5\'\xd2\xff\xef*c\x92~\x0e\x9b\xf7\xa4@\xf8%\xfb\x998\xd2\xe7i\x127\x03\x1c\xf2\xc0\xbf8o\x06\x91j(p\nc\x7f\xf9\xe9>\xa3\xebm\x15I\xfdV\x90u\xd2j\xa7\xd4u\x93\xf8\xbc\x0f\x896I\xb6\xd8\xd2\xe2\xc9\xfe\x88\xd9\xc21x\x14\xfa\x9c\xbe\xfa\\R\x9f\xf2F\x83Gz\xe8\xe7!5S(|\x91\xea\xaf\xec\x9f\x9d\xdbW`-U\x7f3\x88\x19%\xfc8\x02\x9c\x8b$\xc1\x8d\xaa>K\xff0\xaa\xea\xf4\x97\xcc\xdcs\x8c\x853\xa9\x7f\xfb=\x82\xbcUAC\x07c\xcbX\x11q\x9cZ\x92\xf8\xbc\x03\xe8\x07\x0f\xbe%\xe7d\xe1 <\x04\x0e"@<\x07\xf8\xffK\xf64\xf4\xb0\x0e+\xfa\x99\xe99)\x90)\x84\x15n\xda\xba;Wk\x95\xc5\x03S\xc3\xb7\x9c\x1f\xf9\\\x99\x18\x84\x80S\x18\x17\x9c,\x06@\xb1\\K\xaa\xe7\xe4\x9e\xb2^<\x18 \x8f\xa0\xe9N\x9d/\x08\n-\xf5\x12z\x93\x94kB\x00 \xf8\x03\xc1\xbc$\xfcJ\xed\x9e\xbeO?\xfeG\x97\xfa\x7f\xd7\xae\x00\xe0\x0f\xf4\xf7\xf0\xbb\xeaU~\xc9s5\xc1L\xea\x08 \xdf\x1f\x83h\x07\xfeJ\r\xc0\x85\xff\xaaT\x9d[J\xd5\x94B@a,\x10*\xaf\tj\xaf\xf7%\x96\xe320C|\xe0x\x0f\xedA\xbc\x08\x16g\xd5+.\xf9~{\x157\x83\xf5`k\xc9\xef\xa6\xff\xec8\xb8\x7f\xfe=D\x85\xca\xa4b8\n~*\x8b\x07\x80\xfd\xa4J\x1f\xaa\x08~S\xf5S%\x03\xba\xddW@\xd1t\x039\x1b0\x0f\x01\xfdH<\x07\xf9%\xffS=\xde3\xa0\xc6U+\x97\xd7\xf3\xea\xa8!\x97g\xafqH\x97Dux\xc4\x8dy!,O[\x01\xc1\x00|]}t\xda\xa2\xefzQ\xeb\x80.\x02\xab\x98\x8eK\x06\x1c\x94gEY\x95?U;\xbd5\x94D\xda\x8a\xaf\x02\x84\xc6\xc8\xa0\xcb\x86\xc5\x0f\xd2\xc9\xbb\xde\xa1\xb6\xc9\x0e\x07u\x9dL\xd7$\x90\xde\xf3\xbd\xce-\xa8*\xe8\x86G\x9aIoE\xc10S\xbc\xdbz\xa2*Z2C\x04\xec\x9b7%\xc1\x13\xadn\x9b\x87\x82\x9b]\xe14;\xe6^\xc0:\'\xba\x85\xe7\xc2\x9e\x19y9\xef<\x02\xba\xc8.\x15<\x059\xfe\xb8\xf0x\x08\x17A\xe0?\xb5\xf05/\x08R\t@\xcd\x17O\xdbee9\x13\x87\xca\xcb\xa0\x96\xab\xe5\xdfk\xf2\xba\xb3\xac\x8dG\x94\x0f+\x8a\xf2S\xc1KGA\x981x7\xcb\x84\xa1 \x10D\x92\xe5W|\xa9]\xf4 \x9eV\xa6i\x15\xc6X\xb3a\x10S\xce\xbb\xc2\xdc\x98I\xc3\xf3\\\x14\x8c\xa0\x12\x0f\x01\x01\xb85\xaa\x15\xcf{\x92\x9b\x06\x12\x01\x05Wc\xfc\xafTp\x86\xf9\xb8|\n9\xdb\x1f\x07\x80\x80\xfc\x03?\x9fN\xf0`\x80%\t\x1eS?\x86\x8e\xaa.\x99\x1fU\xddx9\x07$' |>>>><Ether dst=00:50:56:a7:5d:ad src=00:18:b9:4e:1e:1b type=IPv4 |<IP version=4L ihl=5L tos=0x0 len=1648 id=20583 flags=DF frag=0L ttl=118 proto=tcp chksum=0x7747 src=188.36.159.9 dst=192.168.27.3 options=[] |<TCP sport=26461 dport=27230 seq=3248517057 ack=2608885882 dataofs=5L reserved=0L flags=A window=257 chksum=0x3d3c urgptr=0 options=[] |<Raw load='\xc3G\xc5\xde\xe7-\x87\x82\x10 \xca\xadW/K(T];\x0f\t\x02M\x1e\x0f\x923%\xb7H\x95+\x98\xaa\xc8\x065\xe5\xfa\n9I@S\x90\xc0\xf0\x10+\xfe\x83`\x96\xa4J\xbf\xa5\xea\xbf\xbf\x98 Ya\x80\x85\x02\x18\xfb\xea\x95\x17\x82\x1c\x90\xbeL.\xbe\x9e\xfdV\x9a\xdf\xe8\x12\x00\x80x\x08\x14\xc1\x82\x18\xf8\x03\x81\xbc$\xfc\xbe\x00j\xb0A\x1f\x893\xcaB\x14\x12?\xe2\xef\x01B\xf1\xd6\xfe-\x1e\x0f\x01\x01\xc8\x06\x03j\x89K\xc7\xca\x95\x17d\xbf\xf5\x94\xbe\xfc\x0cI\xcf\xc9\xf5\xf03\xf7\x8b\x87\x93e\x93f\xe5\xb5\xb8\x98L\rB\x18\xfdR\xb5J\xaf\xe2\xbd\xf76I\xd8\xb6\xd65\xa3 S\xfas\xf9g\xdb\x88\x0f\x89S\xd2\xe1quR%\x8f\xc7J\xa5W=K\xff\x04I\xcd\x1a\\\xbf\xf7\xbe>V%\x04/\xab\xa0p\x10\xed\xfc\xf7\xa0\x8f\xff\xc8;\xb9\x1a\xf6u\xe3\xef\x03\x17\t\x10H\xb5X\x97\xe0\x82\x08C\xfb\x82Iz\xa0B\xf5\x8a\xd9\x12\x95yD\x1fO\xde\xa8\xeb\xf7?\xb7\x9b&Ssrv\xe6\xa7\x9a\xf0)\xa3\xb3\xf4\x12=\xf9@7\x85\xe1\x0c\xbb\xe1\x03%U>\\\x08W\xe9\xf2\x81\xfd\xad\xa8\xb30\x94\x10\x04\xbf\te\xc0\x1fG\xff\xf4\xfe\xc9\x15\x97_\xd8\xaa%\xb0F^\x9d\x08E\xfe\x85\xea@\xf0\x95\xf1\xfa\xbf`(\x82\x10\xfb/\xd4\xdciT\x88\xedx@Q-R\xaf\xc2]\xcc\xcfJ#\x7fDU\x1b\xb8\xce\x06j\xda\x8b\x16\x98\xf6m\x96\xf7\r\x01J\xbe\xe6Q\xf7\xcb\xd5\xc1)H\x90\xa0!\xfez\x0f\x15A\xfe*\xfdL^\xaf\x99\x00\xca\xcd\x1f\x08C\xf0e4}\x83\xe5\n\x84\xb5y/\xf8\xaf\xc3\xed\x11\xff\x95@\xf7;<\xd6\xbdU\x96\xcb\xb6\x95=\x9e]\xdc\\\xa1\x81\xab\ra\xb0)\x9b\x96\xeb\xe9\xec.\x85\xd3\x99\xec\x96I.\xb3\xf5\xb6\xd3\xb2E\x12M\xbc\x8d\xdb\xda\x9d\xe0\xc2P5\x06\x1f\x97\x04\n^%{A\xb7\xd2\xdf\xab/\x9fT\x10\x0b\xbd\x1b\xff\xd5\xe2\x92\xfc\x03\x05\xd3\xa4\xe0\xc1\x00\x03\x81\x84\x95BL\xf3\x7fS\xb0\x14#\xc8%\t\x03\xd0e\x84\x8f+\xf8\x1f\xfe/Q\x93l\x8a\xb1\xa8b\xc8\xad\\\xfd\xca\xbd\xd8l\x05p\xf1 \x048\x10\xc4\xa0P\xf9P\x96\xa9U\xff\xe7\xa0\x96]\xf1\xf7\xff\x97\x14\xc5_\x1d\xcf|D\xb6M\x87b\x8f\xb3\xeb8g\x97;v\xb5\xb9\x83.\xcdk#\x11\xb1\x9b\xed\xd4\xd2\x99\xc7\xa6\xd8\xd9\x95\x1b\xb8\xc3k\xd1Vu\xd5N\xb1l\xf3y\xcd\x1c\x91\x00\xa77\xc3\xcd\xfc[\t\xe2\xf8\x8e\x94\x06JE=\x91\xc7:\xf0\x14\xce\xecQ\xa2/\xe6.qW\'\xf0\x0br\x90\x17xu?k#Q(\xbb3{\xb7\xfb=i\x85Jh\xb2\xe6\x1f\nx\x95\x82:\xc1X\xfb\x87\x87\xd6\xc5uKQ\xab\x17\xae.\xac\xe2B)\xe0\x9f\xe1 \x14\xeb\xae\xaa\xb9in\xd2a\xf7\xf5fi\xffA\xe3\x15\x83\xa5\xd2\xdc\x99\xc6\xe3\\F-\xf3b\xc5c\x10)\xaa\xb5\x17\xbe\xdcJ\xd5\'\xd2\xff\xef*c\x92~\x0e\x9b\xf7\xa4@\xf8%\xfb\x998\xd2\xe7i\x127\x03\x1c\xf2\xc0\xbf8o\x06\x91j(p\nc\x7f\xf9\xe9>\xa3\xebm\x15I\xfdV\x90u\xd2j\xa7\xd4u\x93\xf8\xbc\x0f\x896I\xb6\xd8\xd2\xe2\xc9\xfe\x88\xd9\xc21x\x14\xfa\x9c\xbe\xfa\\R\x9f\xf2F\x83Gz\xe8\xe7!5S(|\x91\xea\xaf\xec\x9f\x9d\xdbW`-U\x7f3\x88\x19%\xfc8\x02\x9c\x8b$\xc1\x8d\xaa>K\xff0\xaa\xea\xf4\x97\xcc\xdcs\x8c\x853\xa9\x7f\xfb=\x82\xbcUAC\x07c\xcbX\x11q\x9cZ\x92\xf8\xbc\x03\xe8\x07\x0f\xbe%\xe7d\xe1 <\x04\x0e"@<\x07\xf8\xffK\xf64\xf4\xb0\x0e+\xfa\x99\xe99)\x90)\x84\x15n\xda\xba;Wk\x95\xc5\x03S\xc3\xb7\x9c\x1f\xf9\\\x99\x18\x84\x80S\x18\x17\x9c,\x06@\xb1\\K\xaa\xe7\xe4\x9e\xb2^<\x18 \x8f\xa0\xe9N\x9d/\x08\n-\xf5\x12z\x93\x94kB\x00 \xf8\x03\xc1\xbc$\xfcJ\xed\x9e\xbeO?\xfeG\x97\xfa\x7f\xd7\xae\x00\xe0\x0f\xf4\xf7\xf0\xbb\xeaU~\xc9s5\xc1L\xea\x08 \xdf\x1f\x83h\x07\xfeJ\r\xc0\x85\xff\xaaT\x9d[J\xd5\x94B@a,\x10*\xaf\tj\xaf\xf7%\x96\xe320C|\xe0x\x0f\xedA\xbc\x08\x16g\xd5+.\xf9~{\x157\x83\xf5`k\xc9\xef\xa6\xff\xec8\xb8\x7f\xfe=D\x85\xca\xa4b8\n~*\x8b\x07\x80\xfd\xa4J\x1f\xaa\x08~S\xf5S%\x03\xba\xddW@\xd1t\x039\x1b0\x0f\x01\xfdH<\x07\xf9%\xffS=\xde3\xa0\xc6U+\x97\xd7\xf3\xea\xa8!\x97g\xafqH\x97Dux\xc4\x8dy!,O[\x01\xc1\x00|]}t\xda\xa2\xefzQ\xeb\x80.\x02\xab\x98\x8eK\x06\x1c\x94gEY\x95?U;\xbd5\x94D\xda\x8a\xaf\x02\x84\xc6\xc8\xa0\xcb\x86\xc5\x0f\xd2\xc9\xbb\xde\xa1\xb6\xc9\x0e\x07u\x9dL\xd7$\x90\xde\xf3\xbd\xce-\xa8*\xe8\x86G\x9aIoE\xc10S\xbc\xdbz\xa2*Z2C\x04\xec\x9b7%\xc1\x13\xadn\x9b\x87\x82\x9b]\xe14;\xe6^\xc0:\'\xba\x85\xe7\xc2\x9e\x19y9\xef<\x02\xba\xc8.\x15<\x059\xfe\xb8\xf0x\x08\x17A\xe0?\xb5\xf05/\x08R\t@\xcd\x17O\xdbee9\x13\x87\xca\xcb\xa0\x96\xab\xe5\xdfk\xf2\xba\xb3\xac\x8dG\x94\x0f+\x8a\xf2S\xc1KGA\x981x7\xcb\x84\xa1 \x10D\x92\xe5W|\xa9]\xf4 \x9eV\xa6i\x15\xc6X\xb3a\x10S\xce\xbb\xc2\xdc\x98I\xc3\xf3\\\x14\x8c\xa0\x12\x0f\x01\x01\xb85\xaa\x15\xcf{\x92\x9b\x06\x12\x01\x05Wc\xfc\xafTp\x86\xf9\xb8|\n9\xdb\x1f\x07\x80\x80\xfc\x03?\x9fN\xf0`\x80%\t\x1eS?\x86\x8e\xaa.\x99\x1fU\xddx9\x07$' |>>>><Ether dst=00:50:56:a7:5d:ad src=00:18:b9:4e:1e:1b type=IPv4 |<IP version=4L ihl=5L tos=0x0 len=1648 id=20583 flags=DF frag=0L ttl=118 proto=tcp chksum=0x7747 src=188.36.159.9 dst=192.168.27.3 options=[] |<TCP sport=26461 dport=27230 seq=3248517057 ack=2608885882 dataofs=5L reserved=0L flags=A window=257 chksum=0x3d3c urgptr=0 options=[] |<Raw load='\xc3G\xc5\xde\xe7-\x87\x82\x10 \xca\xadW/K(T];\x0f\t\x02M\x1e\x0f\x923%\xb7H\x95+\x98\xaa\xc8\x065\xe5\xfa\n9I@S\x90\xc0\xf0\x10+\xfe\x83`\x96\xa4J\xbf\xa5\xea\xbf\xbf\x98 Ya\x80\x85\x02\x18\xfb\xea\x95\x17\x82\x1c\x90\xbeL.\xbe\x9e\xfdV\x9a\xdf\xe8\x12\x00\x80x\x08\x14\xc1\x82\x18\xf8\x03\x81\xbc$\xfc\xbe\x00j\xb0A\x1f\x893\xcaB\x14\x12?\xe2\xef\x01B\xf1\xd6\xfe-\x1e\x0f\x01\x01\xc8\x06\x03j\x89K\xc7\xca\x95\x17d\xbf\xf5\x94\xbe\xfc\x0cI\xcf\xc9\xf5\xf03\xf7\x8b\x87\x93e\x93f\xe5\xb5\xb8\x98L\rB\x18\xfdR\xb5J\xaf\xe2\xbd\xf76I\xd8\xb6\xd65\xa3 S\xfas\xf9g\xdb\x88\x0f\x89S\xd2\xe1quR%\x8f\xc7J\xa5W=K\xff\x04I\xcd\x1a\\\xbf\xf7\xbe>V%\x04/\xab\xa0p\x10\xed\xfc\xf7\xa0\x8f\xff\xc8;\xb9\x1a\xf6u\xe3\xef\x03\x17\t\x10H\xb5X\x97\xe0\x82\x08C\xfb\x82Iz\xa0B\xf5\x8a\xd9\x12\x95yD\x1fO\xde\xa8\xeb\xf7?\xb7\x9b&Ssrv\xe6\xa7\x9a\xf0)\xa3\xb3\xf4\x12=\xf9@7\x85\xe1\x0c\xbb\xe1\x03%U>\\\x08W\xe9\xf2\x81\xfd\xad\xa8\xb30\x94\x10\x04\xbf\te\xc0\x1fG\xff\xf4\xfe\xc9\x15\x97_\xd8\xaa%\xb0F^\x9d\x08E\xfe\x85\xea@\xf0\x95\xf1\xfa\xbf`(\x82\x10\xfb/\xd4\xdciT\x88\xedx@Q-R\xaf\xc2]\xcc\xcfJ#\x7fDU\x1b\xb8\xce\x06j\xda\x8b\x16\x98\xf6m\x96\xf7\r\x01J\xbe\xe6Q\xf7\xcb\xd5\xc1)H\x90\xa0!\xfez\x0f\x15A\xfe*\xfdL^\xaf\x99\x00\xca\xcd\x1f\x08C\xf0e4}\x83\xe5\n\x84\xb5y/\xf8\xaf\xc3\xed\x11\xff\x95@\xf7;<\xd6\xbdU\x96\xcb\xb6\x95=\x9e]\xdc\\\xa1\x81\xab\ra\xb0)\x9b\x96\xeb\xe9\xec.\x85\xd3\x99\xec\x96I.\xb3\xf5\xb6\xd3\xb2E\x12M\xbc\x8d\xdb\xda\x9d\xe0\xc2P5\x06\x1f\x97\x04\n^%{A\xb7\xd2\xdf\xab/\x9fT\x10\x0b\xbd\x1b\xff\xd5\xe2\x92\xfc\x03\x05\xd3\xa4\xe0\xc1\x00\x03\x81\x84\x95BL\xf3\x7fS\xb0\x14#\xc8%\t\x03\xd0e\x84\x8f+\xf8\x1f\xfe/Q\x93l\x8a\xb1\xa8b\xc8\xad\\\xfd\xca\xbd\xd8l\x05p\xf1 \x048\x10\xc4\xa0P\xf9P\x96\xa9U\xff\xe7\xa0\x96]\xf1\xf7\xff\x97\x14\xc5_\x1d\xcf|D\xb6M\x87b\x8f\xb3\xeb8g\x97;v\xb5\xb9\x83.\xcdk#\x11\xb1\x9b\xed\xd4\xd2\x99\xc7\xa6\xd8\xd9\x95\x1b\xb8\xc3k\xd1Vu\xd5N\xb1l\xf3y\xcd\x1c\x91\x00\xa77\xc3\xcd\xfc[\t\xe2\xf8\x8e\x94\x06JE=\x91\xc7:\xf0\x14\xce\xecQ\xa2/\xe6.qW\'\xf0\x0br\x90\x17xu?k#Q(\xbb3{\xb7\xfb=i\x85Jh\xb2\xe6\x1f\nx\x95\x82:\xc1X\xfb\x87\x87\xd6\xc5uKQ\xab\x17\xae.\xac\xe2B)\xe0\x9f\xe1 \x14\xeb\xae\xaa\xb9in\xd2a\xf7\xf5fi\xffA\xe3\x15\x83\xa5\xd2\xdc\x99\xc6\xe3\\F-\xf3b\xc5c\x10)\xaa\xb5\x17\xbe\xdcJ\xd5\'\xd2\xff\xef*c\x92~\x0e\x9b\xf7\xa4@\xf8%\xfb\x998\xd2\xe7i\x127\x03\x1c\xf2\xc0\xbf8o\x06\x91j(p\nc\x7f\xf9\xe9>\xa3\xebm\x15I\xfdV\x90u\xd2j\xa7\xd4u\x93\xf8\xbc\x0f\x896I\xb6\xd8\xd2\xe2\xc9\xfe\x88\xd9\xc21x\x14\xfa\x9c\xbe\xfa\\R\x9f\xf2F\x83Gz\xe8\xe7!5S(|\x91\xea\xaf\xec\x9f\x9d\xdbW`-U\x7f3\x88\x19%\xfc8\x02\x9c\x8b$\xc1\x8d\xaa>K\xff0\xaa\xea\xf4\x97\xcc\xdcs\x8c\x853\xa9\x7f\xfb=\x82\xbcUAC\x07c\xcbX\x11q\x9cZ\x92\xf8\xbc\x03\xe8\x07\x0f\xbe%\xe7d\xe1 <\x04\x0e"@<\x07\xf8\xffK\xf64\xf4\xb0\x0e+\xfa\x99\xe99)\x90)\x84\x15n\xda\xba;Wk\x95\xc5\x03S\xc3\xb7\x9c\x1f\xf9\\\x99\x18\x84\x80S\x18\x17\x9c,\x06@\xb1\\K\xaa\xe7\xe4\x9e\xb2^<\x18 \x8f\xa0\xe9N\x9d/\x08\n-\xf5\x12z\x93\x94kB\x00 \xf8\x03\xc1\xbc$\xfcJ\xed\x9e\xbeO?\xfeG\x97\xfa\x7f\xd7\xae\x00\xe0\x0f\xf4\xf7\xf0\xbb\xeaU~\xc9s5\xc1L\xea\x08 \xdf\x1f\x83h\x07\xfeJ\r\xc0\x85\xff\xaaT\x9d[J\xd5\x94B@a,\x10*\xaf\tj\xaf\xf7%\x96\xe320C|\xe0x\x0f\xedA\xbc\x08\x16g\xd5+.\xf9~{\x157\x83\xf5`k\xc9\xef\xa6\xff\xec8\xb8\x7f\xfe=D\x85\xca\xa4b8\n~*\x8b\x07\x80\xfd\xa4J\x1f\xaa\x08~S\xf5S%\x03\xba\xddW@\xd1t\x039\x1b0\x0f\x01\xfdH<\x07\xf9%\xffS=\xde3\xa0\xc6U+\x97\xd7\xf3\xea\xa8!\x97g\xafqH\x97Dux\xc4\x8dy!,O[\x01\xc1\x00|]}t\xda\xa2\xefzQ\xeb\x80.\x02\xab\x98\x8eK\x06\x1c\x94gEY\x95?U;\xbd5\x94D\xda\x8a\xaf\x02\x84\xc6\xc8\xa0\xcb\x86\xc5\x0f\xd2\xc9\xbb\xde\xa1\xb6\xc9\x0e\x07u\x9dL\xd7$\x90\xde\xf3\xbd\xce-\xa8*\xe8\x86G\x9aIoE\xc10S\xbc\xdbz\xa2*Z2C\x04\xec\x9b7%\xc1\x13\xadn\x9b\x87\x82\x9b]\xe14;\xe6^\xc0:\'\xba\x85\xe7\xc2\x9e\x19y9\xef<\x02\xba\xc8.\x15<\x059\xfe\xb8\xf0x\x08\x17A\xe0?\xb5\xf05/\x08R\t@\xcd\x17O\xdbee9\x13\x87\xca\xcb\xa0\x96\xab\xe5\xdfk\xf2\xba\xb3\xac\x8dG\x94\x0f+\x8a\xf2S\xc1KGA\x981x7\xcb\x84\xa1 \x10D\x92\xe5W|\xa9]\xf4 \x9eV\xa6i\x15\xc6X\xb3a\x10S\xce\xbb\xc2\xdc\x98I\xc3\xf3\\\x14\x8c\xa0\x12\x0f\x01\x01\xb85\xaa\x15\xcf{\x92\x9b\x06\x12\x01\x05Wc\xfc\xafTp\x86\xf9\xb8|\n9\xdb\x1f\x07\x80\x80\xfc\x03?\x9fN\xf0`\x80%\t\x1eS?\x86\x8e\xaa.\x99\x1fU\xddx9\x07$' |>>>>
Updated by Laszlo Madarassy over 11 years ago
Eric Leblond wrote:
Laszlo can you confirm we have MTU set to 1500 and that all GRO, GSO are disabled on the capture interface ?
Yes, both MTUs are 1500:
eth1 Link encap:Ethernet HWaddr 00:50:56:a7:5d:ad
inet6 addr: fe80::250:56ff:fea7:5dad/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:14276297388 errors:0 dropped:0 overruns:0 frame:0
TX packets:10 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:9748750595274 (8.8 TiB) TX bytes:708 (708.0 B)
eth2 Link encap:Ethernet HWaddr 00:50:56:a7:4e:04
inet6 addr: fe80::250:56ff:fea7:4e04/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:4 errors:0 dropped:0 overruns:0 frame:0
TX packets:254792 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:240 (240.0 B) TX bytes:43081568 (41.0 MiB)
This is a vmware esxi 5.1 virtual machine. I haven't set any offloading on the intercaces:
ethtool eth1
Settings for eth1:
Supported ports: [ TP ]
Supported link modes: 10baseT/Half 10baseT/Full
100baseT/Half 100baseT/Full
1000baseT/Full
Supported pause frame use: No
Supports auto-negotiation: Yes
Advertised link modes: 10baseT/Half 10baseT/Full
100baseT/Half 100baseT/Full
1000baseT/Full
Advertised pause frame use: No
Advertised auto-negotiation: Yes
Speed: 1000Mb/s
Duplex: Full
Port: Twisted Pair
PHYAD: 0
Transceiver: internal
Auto-negotiation: on
MDI-X: off
Supports Wake-on: d
Wake-on: d
Current message level: 0x00000007 (7)
drv probe link
Link detected: yes
ethtool eth2
Settings for eth2:
Supported ports: [ TP ]
Supported link modes: 10baseT/Half 10baseT/Full
100baseT/Half 100baseT/Full
1000baseT/Full
Supported pause frame use: No
Supports auto-negotiation: Yes
Advertised link modes: 10baseT/Half 10baseT/Full
100baseT/Half 100baseT/Full
1000baseT/Full
Advertised pause frame use: No
Advertised auto-negotiation: Yes
Speed: 1000Mb/s
Duplex: Full
Port: Twisted Pair
PHYAD: 0
Transceiver: internal
Auto-negotiation: on
MDI-X: off
Supports Wake-on: d
Wake-on: d
Current message level: 0x00000007 (7)
drv probe link
Link detected: yes
[ 1.808139] e1000 0000:02:01.0 eth1: (PCI:66MHz:32-bit) 00:50:56:a7:5d:ad
[ 1.808144] e1000 0000:02:01.0 eth1: Intel(R) PRO/1000 Network Connection
[ 2.167533] e1000 0000:02:03.0 eth2: (PCI:66MHz:32-bit) 00:50:56:a7:4e:04
[ 2.167537] e1000 0000:02:03.0 eth2: Intel(R) PRO/1000 Network Connection
[ 8.547215] e1000: eth1 NIC Link is Up 1000 Mbps Full Duplex, Flow Control: None
[ 8.726922] e1000: eth2 NIC Link is Up 1000 Mbps Full Duplex, Flow Control: None
Updated by Dave Crawford over 11 years ago
I've duplicated this behavior in a Debian guest on ESXi 5.1 connected to a Cisco 2970. The fix is to disable generic-receive-offload (GRO) on the two interfaces that af_packet is copying between:
ethtool -K eth1 gro off
ethtool -K eth2 gro off
-Dave
Updated by Eric Leblond over 11 years ago
- Status changed from New to Resolved
I've updated Common_Errors to state that GRO needs to be deactivated when AF_PACKET IPS is used.
Updated by Victor Julien over 11 years ago
- Status changed from Resolved to Closed