Project

General

Profile

Actions
Copy link

Bug #1292

closed

Disabling VLAN tracking should affect cluster mode tuple selection

Added by Antti Tönkyrä over 9 years ago. Updated almost 9 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Giuseppe Longo
Target version:
2.1beta2
Affected Versions:
Effort:
Difficulty:
Label:

Description

I was testing a case where mismatched VLAN tags caused flow tracking problems so I set vlan: use-for-tracking: false. However, this does not completely solve issue when using pf_ring for RX with more than 1 thread. The cluster_flow mode will still take VLAN tags into account due to using pf_ring's 6-tuple mode. This result in same flow ending on different RX thread which in turn seems to cause issues.

Setting cluster mode to cluster_per_flow_5_tuple in source-pfring.c line 480 fixes the issue. I think suricata should enforce using only cluster-modes which do not use VLAN tags when VLAN tracking is disabled from the configuration.

Actions
Copy link
 #1

Updated by Victor Julien over 9 years ago

  • Status changed from New to Assigned
  • Assignee set to Giuseppe Longo
  • Target version set to TBD
Actions
Copy link
 #2

Updated by Giuseppe Longo almost 9 years ago

This has been fixed throught through https://github.com/inliniac/suricata/pull/1178

Actions
Copy link
 #3

Updated by Victor Julien almost 9 years ago

  • Status changed from Assigned to Closed
  • Target version changed from TBD to 2.1beta2
Actions
Copy link

Also available in: Atom PDF