Open Information Security Foundation

05/02/2019

08:41 PM Suricata Bug #2954: Strange interaction with afpacket - high CPU usage and no packet processing

Somewhat related:
https://lists.openinfosecfoundation.org/pipermail/oisf-users/2016-November/014378.html
https:... Doug Burks

01:00 PM Suricata Bug #2954: Strange interaction with afpacket - high CPU usage and no packet processing

I've attached the requested information.
I had been working on this issue for 2 days before creating this ticket... Doug Burks

05/01/2019

06:20 PM Suricata Bug #2954: Strange interaction with afpacket - high CPU usage and no packet processing

It looks like adding the --no-hwtimestamp option to netsniff makes this issue go away. We'll update our scripts to u... Doug Burks

03:35 PM Suricata Bug #2954 (New): Strange interaction with afpacket - high CPU usage and no packet processing

Greetings from the Security Onion community!
As you may know, Security Onion uses Suricata, netsniff-ng, and Bro. ... Doug Burks

11/09/2012

11:37 AM Suricata Feature #622 (Closed): Specify number of pf_ring/af_packet receive threads on the command line

Currently we can only specify the number of receive threads in suricata.yaml itself. It'd be nice to be able to spec... Doug Burks

03/28/2012

08:05 AM Suricata Feature #440 (Closed): afpacket needs to support bpf (and by extension -F bpf.conf command-line option)

Here's my command line:
sudo suricata --user sguil --group sguil -c /etc/nsm/qa-eth0/suricata.yaml --af-packet=eth0 ... Doug Burks

10/28/2011

10:33 AM Suricata Bug #361 (Closed): AF_PACKET fails to initialize when running with limited privileges

If I run Suricata with AF_PACKET as shown below, everything is fine:
suricata -c /etc/suricata/suricata.yaml --af-pa... Doug Burks