Bug #1048
closedPF_RING/DNA config - suricata.yaml
Description
With DNA installed and configured, in the pfring section of the Suricata we should have :
... - interface: dna0@1 threads: 1 - interface: dna0@2 threads: 1 ....
However when we load , we have:
[16115] 28/11/2013 -- 12:26:44 - (runmode-pfring.c:278) <Error> (ParsePfringConfig) -- [ERRCODE: SC_ERR_INVALID_ARGUMENT(13)] - Could not get cluster-id from config [16115] 28/11/2013 -- 12:26:44 - (runmode-pfring.c:310) <Error> (ParsePfringConfig) -- [ERRCODE: SC_ERR_GET_CLUSTER_TYPE_FAILED(35)] - Could not get cluster-type fron config [16115] 28/11/2013 -- 12:26:44 - (util-runmodes.c:545) <Info> (RunModeSetLiveCaptureWorkersForDevice) -- Going to use 1 thread(s) [16117] 28/11/2013 -- 12:26:44 - (source-pfring.c:425) <Info> (ReceivePfringThreadInit) -- DNA interface detected, not adding thread to cluster [16117] 28/11/2013 -- 12:26:44 - (source-pfring.c:449) <Info> (ReceivePfringThreadInit) -- (RxPFRdna0@01) Using PF_RING v.5.6.2, interface dna0@0, cluster-id 1, single-pfring-thread [16115] 28/11/2013 -- 12:26:44 - (runmode-pfring.c:278) <Error> (ParsePfringConfig) -- [ERRCODE: SC_ERR_INVALID_ARGUMENT(13)] - Could not get cluster-id from config [16115] 28/11/2013 -- 12:26:44 - (runmode-pfring.c:310) <Error> (ParsePfringConfig) -- [ERRCODE: SC_ERR_GET_CLUSTER_TYPE_FAILED(35)] - Could not get cluster-type fron config [16115] 28/11/2013 -- 12:26:44 - (util-runmodes.c:545) <Info> (RunModeSetLiveCaptureWorkersForDevice) -- Going to use 1 thread(s)
Everything still works and Suricata starts and loads and is running
fine - it is just the ERR msgs.
If we use:
- interface: dna0@1 threads: 1 cluster-id: 1 cluster-type: cluster_flow - interface: dna0@2 threads: 1 cluster-id: 2 cluster-type: cluster_flow .....
Suricata loads and works fine and there are no ERR or warning msgs.
However we do not need to give cluster id and type since in DNA
there is no SW balancing.
P.S.
There is a spelling mistake in the ERR msg:
Could not get cluster-type fron
fron, should be from.
Thanks
Updated by Victor Julien over 10 years ago
Looks like this can be closed, right?
Updated by Mats Klepsland over 10 years ago
This is still an issue.
Suricata complains when using PF_RING and not defining cluster-id or cluster-type:
26/6/2014 -- 14:34:53 - <Error> - [ERRCODE: SC_ERR_INVALID_ARGUMENT(13)] - Could not get cluster-id from config 26/6/2014 -- 14:34:53 - <Error> - [ERRCODE: SC_ERR_GET_CLUSTER_TYPE_FAILED(35)] - Could not get cluster-type fron config
These fields are not required when using DNA or ZC. This issue doesn't stop Suricata from running, but it should be fixed to avoid unnecessary noise. The easiest way to fix this issue would be to add exceptions when using DNA or ZC.
Updated by Mats Klepsland over 10 years ago
- Assignee changed from Eric Leblond to Mats Klepsland
Updated by Mats Klepsland about 10 years ago
Submitted pull request:
Updated by Victor Julien about 10 years ago
- Status changed from New to Closed
- Target version set to 2.1beta2
- % Done changed from 0 to 100
Merged, thanks!
Updated by Victor Julien about 10 years ago
- Subject changed from DNA config - suricata.yaml to PF_RING/DNA config - suricata.yaml