Bug #1033
pf_ring packet counter statistics
Status: Closed
Priority: Normal
Assignee: -
Target version: -
Description
capture.kernel_packets | RxPFReth37 | 1806428468
capture.kernel_drops | RxPFReth37 | 2230924712
capture.kernel_packets | RxPFReth38 | 3802555588
capture.kernel_drops | RxPFReth38 | 1286117
....
The result above could have some explanation, but to me it looks misleading. How can you drop more packets than you actually have? (RxPFReth37)
In case the above means that the incrementing is independent of each other (a dropped packet is +1 counter only on kernel_drops and not the kernel_packet counter), this is different than the way that af_packet packet statistics are written in stats.log.
The two should be consistent, if this is purposefully meant to be like that and it is not a bug.
Thanks
Updated by Peter Manev about 10 years ago
This is still an issue (as of 2.0dev (rev a97662e)):
capture.kernel_packets | RxPFReth31 | 1000309018
capture.kernel_drops | RxPFReth31 | 2948563325
capture.kernel_packets | RxPFReth32 | 1485187901
capture.kernel_drops | RxPFReth32 | 1819030371
capture.kernel_packets | RxPFReth33 | 956547000
capture.kernel_drops | RxPFReth33 | 2441112955
However - it might be related to the following:
If you load much more rules than what your HW related to traffic can handle - drops will naturally occur (and lots of them).
However the stats should nonetheless be consistent.
Updated by Peter Manev almost 10 years ago
That seems to be still a problem:
capture.kernel_packets | RxPFReth31 | 345176508
capture.kernel_drops | RxPFReth31 | 1844381565
capture.kernel_packets | RxPFReth32 | 376604936
capture.kernel_drops | RxPFReth32 | 1588869892
capture.kernel_packets | RxPFReth33 | 371947784
capture.kernel_drops | RxPFReth33 | 1748897558
capture.kernel_packets | RxPFReth34 | 378167946
capture.kernel_drops | RxPFReth34 | 1686491904
capture.kernel_packets | RxPFReth35 | 366711129
capture.kernel_drops | RxPFReth35 | 1704817379
capture.kernel_packets | RxPFReth36 | 360209038
capture.kernel_drops | RxPFReth36 | 1663870064
capture.kernel_packets | RxPFReth37 | 368129755
capture.kernel_drops | RxPFReth37 | 1627547733
capture.kernel_packets | RxPFReth38 | 372948251
capture.kernel_drops | RxPFReth38 | 1577976100
capture.kernel_packets | RxPFReth39 | 416525258
capture.kernel_drops | RxPFReth39 | 1755149281
capture.kernel_packets | RxPFReth310 | 371307294
capture.kernel_drops | RxPFReth310 | 1680834675
capture.kernel_packets | RxPFReth311 | 367657593
capture.kernel_drops | RxPFReth311 | 1644396005
capture.kernel_packets | RxPFReth312 | 371945263
capture.kernel_drops | RxPFReth312 | 1550817193
capture.kernel_packets | RxPFReth313 | 378173017
capture.kernel_drops | RxPFReth313 | 1698403234
capture.kernel_packets | RxPFReth314 | 374823111
capture.kernel_drops | RxPFReth314 | 1552052001
capture.kernel_packets | RxPFReth315 | 376484633
capture.kernel_drops | RxPFReth315 | 1706752007
capture.kernel_packets | RxPFReth316 | 366328750
capture.kernel_drops | RxPFReth316 | 1781469915
09:13:51 - (util-device.c:185) <Notice> (LiveDeviceListClean) -- Stats for 'eth3': pkts: 6509120421, drop: 33143711629 (509.19%), invalid chksum: 0
Notice -
...drop: 33143711629 (509.19%)
root@suricata:~/oisf# suricata --build-info
This is Suricata version 2.0dev (rev 6fbb955)
Features: PCAP_SET_BUFF LIBPCAP_VERSION_MAJOR=1 PF_RING AF_PACKET HAVE_PACKET_FANOUT LIBCAP_NG LIBNET1.1 HAVE_HTP_URI_NORMALIZE_HOOK HAVE_NSS HAVE_LIBJANSSON
SIMD support: SSE_4_2 SSE_4_1 SSE_3
Atomic intrisics: 1 2 4 8 16 byte(s)
64-bits, Little-endian architecture
GCC version 4.6.3, C version 199901
compiled with -fstack-protector
compiled with _FORTIFY_SOURCE=2
L1 cache line size (CLS)=64
compiled with LibHTP v0.5.11, linked against LibHTP v0.5.11
Suricata Configuration:
  AF_PACKET support: yes
  PF_RING support: yes
  NFQueue support: no
  IPFW support: no
  DAG enabled: no
  Napatech enabled: no
  Unix socket enabled: yes
  Detection enabled: yes
  libnss support: yes
  libnspr support: yes
  libjansson support: yes
  Prelude support: no
  PCRE jit: no
  libluajit: no
  libgeoip: no
  Non-bundled htp: no
  Old barnyard2 support: no
  CUDA enabled: no
  Suricatasc install: yes
  Unit tests enabled: no
  Debug output enabled: no
  Debug validation enabled: no
  Profiling enabled: no
  Profiling locks enabled: no
  Coccinelle / spatch: yes
Generic build parameters:
  Installation prefix (--prefix): /usr/local
  Configuration directory (--sysconfdir): /usr/local/etc/suricata/
  Log directory (--localstatedir) : /usr/local/var/log/suricata/
  Host: x86_64-unknown-linux-gnu
  GCC binary: gcc
  GCC Protect enabled: no
  GCC march native enabled: yes
  GCC Profile enabled: no
root@suricata:~/oisf#
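A sensor-health check for the counters discussed in this ticket, as an added example that is not part of the ticket or of Suricata's code: it parses `stats.log` lines, flags threads whose `kernel_drops` exceeds `kernel_packets`, and computes the drop percentage under both readings of the counters. Both readings are assumptions; the thread does not settle which one pf_ring uses. Function names are hypothetical.

```python
import re

# Lines copied from the stats.log excerpt in the bug description.
SAMPLE = """\
capture.kernel_packets | RxPFReth37 | 1806428468
capture.kernel_drops | RxPFReth37 | 2230924712
capture.kernel_packets | RxPFReth38 | 3802555588
capture.kernel_drops | RxPFReth38 | 1286117
"""

LINE = re.compile(r"^\s*capture\.kernel_(packets|drops)\s*\|\s*(\S+)\s*\|\s*(\d+)\s*$")

def parse_stats(text):
    """Return {thread: {"packets": n, "drops": n}} from stats.log lines."""
    threads = {}
    for line in text.splitlines():
        m = LINE.match(line)
        if m:
            counter, thread, value = m.groups()
            threads.setdefault(thread, {})[counter] = int(value)  # last dump wins
    return threads

def drop_report(packets, drops):
    """Drop percentage under both readings of the two counters."""
    total = packets + drops
    return {
        # Reading A (assumed): drops are a subset of packets, so drops <= packets.
        "pct_of_packets": round(100.0 * drops / packets, 2) if packets else None,
        # Reading B (assumed): counters are independent; traffic seen = packets + drops.
        "pct_if_independent": round(100.0 * drops / total, 2) if total else None,
        # Impossible under reading A, so True means the counters are not subset-style.
        "drops_exceed_packets": drops > packets,
    }

def inconsistent_threads(text):
    """Threads whose drop counter is larger than their packet counter."""
    return sorted(
        t for t, c in parse_stats(text).items()
        if drop_report(c.get("packets", 0), c.get("drops", 0))["drops_exceed_packets"]
    )

if __name__ == "__main__":
    for thread, c in parse_stats(SAMPLE).items():
        print(thread, drop_report(c["packets"], c["drops"]))
    # Device totals from the 'eth3' shutdown line quoted in the thread.
    print(drop_report(6509120421, 33143711629))
```

On the `eth3` totals, dividing drops by packets reproduces the 509.19% printed at shutdown, while the independent-counter reading gives a loss rate below 100%.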
Updated by Victor Julien over 9 years ago
- Status changed from New to Assigned
- Assignee changed from Eric Leblond to Giuseppe Longo
- Target version set to 3.0RC2
Updated by Victor Julien almost 9 years ago
- Target version changed from 3.0RC2 to TBD
Updated by Andreas Herz almost 8 years ago
- Status changed from Assigned to Closed
Updated by Andreas Herz almost 8 years ago
- Assignee deleted (Giuseppe Longo)
- Target version deleted (TBD)