Project

General

Profile

Actions

Bug #1111

closed

capture stats at exit incorrect

Added by Victor Julien almost 11 years ago. Updated over 10 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Target version:
Affected Versions:
Effort:
Difficulty:
Label:

Description

Doing a replay:

Actual: 38994342 packets (7156850841 bytes) sent in 102.60 seconds.             Rated: 69754880.0 bps, 532.19 Mbps, 38 
0061.81 pps                                                                                                            
Statistics for network device: eth1                                                                                    
        Attempted packets:         39039754                                                                            
        Successful packets:        38994342                                                                            
        Failed packets:            0                                                                                   
        Retried packets (ENOBUFS): 45412                                                                               
        Retried packets (EAGAIN):  0

The last stats.log entry is:

capture.kernel_packets    | AFPacketeth21             | 9943193
capture.kernel_drops      | AFPacketeth21             | 22063
capture.kernel_packets    | AFPacketeth22             | 9578157
capture.kernel_drops      | AFPacketeth22             | 27669
capture.kernel_packets    | AFPacketeth23             | 9686844
capture.kernel_drops      | AFPacketeth23             | 14851
capture.kernel_packets    | AFPacketeth24             | 9638784
capture.kernel_drops      | AFPacketeth24             | 29920

Combined packets: 38846978
Combined drops: 94503
Together: 38941481

So, very close to what has been sent.

However, the stats printed to the console:

[30086] 14/2/2014 -- 06:59:32 - (util-device.c:173) <Notice> (LiveDeviceListClean) -- Stats for 'eth2':  pkts: 77894183, drop: 94503 (0.12%), invalid chksum: 4730

pkts is completely off, while drops is exactly right.

Default config, started with:

src/suricata --af-packet=${NIC_IN} -S /dev/null -c suricata.yaml -l "${TD}/logs" -D --pidfile="${TD}/suricata.pid" --set "logging.outputs.1.file.enabled=yes" --set "logging.outputs.1.file.filename=${TD}/logs/suricata.log" --set "af-packet.0.interface=eth2" --set "af-packet.0.threads=4" --set "flow.memcap=256mb" --set "stream.reassembly.memcap=512mb" --runmode=workers --set "af-packet.0.buffer-size=8388608" 

Actions

Also available in: Atom PDF