Project

General

Profile

Actions
Copy link

Bug #1048

closed

PF_RING/DNA config - suricata.yaml

Added by Peter Manev over 10 years ago. Updated over 9 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Mats Klepsland
Target version:
2.1beta2
Affected Versions:
Effort:
Difficulty:
Label:

Description

With DNA installed and configured, in the pfring section of the Suricata we should have :

...
  - interface: dna0@1
    threads: 1
  - interface: dna0@2
    threads: 1
....

However when we load , we have:

[16115] 28/11/2013 -- 12:26:44 - (runmode-pfring.c:278) <Error> (ParsePfringConfig) -- [ERRCODE: SC_ERR_INVALID_ARGUMENT(13)] - Could not get cluster-id from config
[16115] 28/11/2013 -- 12:26:44 - (runmode-pfring.c:310) <Error> (ParsePfringConfig) -- [ERRCODE: SC_ERR_GET_CLUSTER_TYPE_FAILED(35)] - Could not get cluster-type fron config
[16115] 28/11/2013 -- 12:26:44 - (util-runmodes.c:545) <Info> (RunModeSetLiveCaptureWorkersForDevice) -- Going to use 1 thread(s)
[16117] 28/11/2013 -- 12:26:44 - (source-pfring.c:425) <Info> (ReceivePfringThreadInit) -- DNA interface detected, not adding thread to cluster
[16117] 28/11/2013 -- 12:26:44 - (source-pfring.c:449) <Info> (ReceivePfringThreadInit) -- (RxPFRdna0@01) Using PF_RING v.5.6.2, interface dna0@0, cluster-id 1, single-pfring-thread
[16115] 28/11/2013 -- 12:26:44 - (runmode-pfring.c:278) <Error> (ParsePfringConfig) -- [ERRCODE: SC_ERR_INVALID_ARGUMENT(13)] - Could not get cluster-id from config
[16115] 28/11/2013 -- 12:26:44 - (runmode-pfring.c:310) <Error> (ParsePfringConfig) -- [ERRCODE: SC_ERR_GET_CLUSTER_TYPE_FAILED(35)] - Could not get cluster-type fron config
[16115] 28/11/2013 -- 12:26:44 - (util-runmodes.c:545) <Info> (RunModeSetLiveCaptureWorkersForDevice) -- Going to use 1 thread(s)

Everything still works and Suricata starts and loads and is running
fine - it is just the ERR msgs.

If we use:

  - interface: dna0@1
    threads: 1
    cluster-id: 1
    cluster-type: cluster_flow
  - interface: dna0@2
    threads: 1
    cluster-id: 2
    cluster-type: cluster_flow
.....

Suricata loads and works fine and there are no ERR or warning msgs.

However we do not need to give cluster id and type since in DNA
there is no SW balancing.

P.S.
There is a spelling mistake in the ERR msg:

Could not get cluster-type fron

fron, should be from.

Thanks

Actions
Copy link
 #1

Updated by Victor Julien over 10 years ago

  • Assignee set to Eric Leblond
Actions
Copy link
 #2

Updated by Victor Julien almost 10 years ago

Looks like this can be closed, right?

Actions
Copy link
 #3

Updated by Mats Klepsland almost 10 years ago

This is still an issue.

Suricata complains when using PF_RING and not defining cluster-id or cluster-type:

26/6/2014 -- 14:34:53 - <Error> - [ERRCODE: SC_ERR_INVALID_ARGUMENT(13)] - Could not get cluster-id from config
26/6/2014 -- 14:34:53 - <Error> - [ERRCODE: SC_ERR_GET_CLUSTER_TYPE_FAILED(35)] - Could not get cluster-type fron config

These fields are not required when using DNA or ZC. This issue doesn't stop Suricata from running, but it should be fixed to avoid unnecessary noise. The easiest way to fix this issue would be to add exceptions when using DNA or ZC.

Actions
Copy link
 #4

Updated by Mats Klepsland almost 10 years ago

  • Assignee changed from Eric Leblond to Mats Klepsland
Actions
Copy link
 #6

Updated by Victor Julien over 9 years ago

  • Status changed from New to Closed
  • Target version set to 2.1beta2
  • % Done changed from 0 to 100

Merged, thanks!

Actions
Copy link
 #7

Updated by Victor Julien over 9 years ago

  • Subject changed from DNA config - suricata.yaml to PF_RING/DNA config - suricata.yaml
Actions
Copy link

Also available in: Atom PDF