Bug #1111
closed
capture stats at exit incorrect
Description
Doing a replay:
Actual: 38994342 packets (7156850841 bytes) sent in 102.60 seconds.
Rated: 69754880.0 bps, 532.19 Mbps, 380061.81 pps
Statistics for network device: eth1
    Attempted packets: 39039754
    Successful packets: 38994342
    Failed packets: 0
    Retried packets (ENOBUFS): 45412
    Retried packets (EAGAIN): 0
The last stats.log entry is:
capture.kernel_packets | AFPacketeth21 | 9943193
capture.kernel_drops | AFPacketeth21 | 22063
capture.kernel_packets | AFPacketeth22 | 9578157
capture.kernel_drops | AFPacketeth22 | 27669
capture.kernel_packets | AFPacketeth23 | 9686844
capture.kernel_drops | AFPacketeth23 | 14851
capture.kernel_packets | AFPacketeth24 | 9638784
capture.kernel_drops | AFPacketeth24 | 29920
Combined packets: 38846978
Combined drops: 94503
Together: 38941481
So, very close to what has been sent.
However, the stats printed to the console:
[30086] 14/2/2014 -- 06:59:32 - (util-device.c:173) <Notice> (LiveDeviceListClean) -- Stats for 'eth2': pkts: 77894183, drop: 94503 (0.12%), invalid chksum: 4730
pkts is completely off, while drops is exactly right.
Default config, started with:
src/suricata --af-packet=${NIC_IN} -S /dev/null -c suricata.yaml -l "${TD}/logs" -D --pidfile="${TD}/suricata.pid" --set "logging.outputs.1.file.enabled=yes" --set "logging.outputs.1.file.filename=${TD}/logs/suricata.log" --set "af-packet.0.interface=eth2" --set "af-packet.0.threads=4" --set "flow.memcap=256mb" --set "stream.reassembly.memcap=512mb" --runmode=workers --set "af-packet.0.buffer-size=8388608"
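The cross-check done by hand in the description, as an added example that is not part of the original report or of Suricata's code: it sums the per-thread `capture.kernel_*` counters from one stats.log snapshot and compares them with the exit Notice line. The sample input is built from the figures quoted above; the function names and the one-counter-per-line layout are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample: the counters and the Notice line quoted in the report,
# laid out one counter per line.
STATS_LOG = """\
capture.kernel_packets | AFPacketeth21 | 9943193
capture.kernel_drops | AFPacketeth21 | 22063
capture.kernel_packets | AFPacketeth22 | 9578157
capture.kernel_drops | AFPacketeth22 | 27669
capture.kernel_packets | AFPacketeth23 | 9686844
capture.kernel_drops | AFPacketeth23 | 14851
capture.kernel_packets | AFPacketeth24 | 9638784
capture.kernel_drops | AFPacketeth24 | 29920
"""
NOTICE = ("[30086] 14/2/2014 -- 06:59:32 - (util-device.c:173) <Notice> "
          "(LiveDeviceListClean) -- Stats for 'eth2': pkts: 77894183, "
          "drop: 94503 (0.12%), invalid chksum: 4730")

COUNTER_RE = re.compile(r"^\s*(capture\.kernel_(?:packets|drops))\s*\|\s*\S+\s*\|\s*(\d+)\s*$")
NOTICE_RE = re.compile(r"Stats for '([^']+)': pkts: (\d+), drop: (\d+)")

def sum_capture_counters(snapshot):
    """Sum capture.kernel_* over all threads. Pass a single snapshot only:
    the counters are cumulative, so mixing snapshots would double count."""
    totals = defaultdict(int)
    for line in snapshot.splitlines():
        m = COUNTER_RE.match(line)
        if m:
            totals[m.group(1)] += int(m.group(2))
    return dict(totals)

def parse_exit_notice(line):
    """Extract interface, pkts and drop from the exit Notice line."""
    m = NOTICE_RE.search(line)
    if not m:
        raise ValueError("not a per-device exit stats line")
    return {"iface": m.group(1), "pkts": int(m.group(2)), "drop": int(m.group(3))}

def compare(snapshot, notice_line):
    """Return exit-notice value minus summed stats.log value per counter."""
    totals = sum_capture_counters(snapshot)
    at_exit = parse_exit_notice(notice_line)
    return {
        "pkts_delta": at_exit["pkts"] - totals.get("capture.kernel_packets", 0),
        "drop_delta": at_exit["drop"] - totals.get("capture.kernel_drops", 0),
    }
```

On the figures above, `compare(STATS_LOG, NOTICE)` gives a drop delta of 0 and a pkts delta of 39047205, which is the mismatch the report describes.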