Bug #1390

closed

suricatasc return empty iface-stat.pkts in IPS nfqueue mode

Added by Christophe Nowicki over 7 years ago. Updated about 3 years ago.

Status:
Closed
Priority:
Low
Target version:
Affected Versions:
Effort:
Difficulty:
Label:

Description

Hi,

I'm running suricata in IPS mode with nfqueue on GNU/Linux. I'm trying to get some counters
in order to draw nice graphs with munin, but suricatasc returns an empty iface-stat.pkts:

[code]
PYTHONPATH=/usr/lib/python2.7/site-packages suricatasc
Command list: shutdown, command-list, help, version, uptime, running-mode, capture-mode, conf-get, dump-counters, iface-stat, iface-list, quit

version

Success:
"2.0.6 RELEASE"

iface-list

Success: {
"count": 2,
"ifaces": [
"0",
"1"
]
}

iface-stat 0

Success: {
"drop": 0,
"invalid-checksums": 0,
"pkts": 0
}
[/code]
Suricata is processing packets and working, but the pkts value is not updated.

[code]
cat /proc/net/netfilter/nfnetlink_queue
0 15214 0 2 65531 0 0 97427 1
[/code]

...

[code]
cat /proc/net/netfilter/nfnetlink_queue
0 15214 0 2 65531 0 0 101646 1
[/code]

Packets are processed, because the packet id of the last packet is updated.

I'm running Suricata STABLE on Debian GNU/Linux:

[code]
suricata --build-info
This is Suricata version 2.0.6 RELEASE
Features: NFQ PCAP_SET_BUFF LIBPCAP_VERSION_MAJOR=1 AF_PACKET HAVE_PACKET_FANOUT LIBCAP_NG LIBNET1.1 HAVE_HTP_URI_NORMALIZE_HOOK PCRE_JIT HAVE_NSS HAVE_LUA HAVE_LUAJIT HAVE_LIBJANSSON
SIMD support: SSE_3
Atomic intrisics: 1 2 4 8 byte(s)
32-bits, Little-endian architecture
GCC version 4.7.2, C version 199901
compiled with -fstack-protector
compiled with _FORTIFY_SOURCE=2
L1 cache line size (CLS)=64
compiled with LibHTP v0.5.16, linked against LibHTP v0.5.16

Suricata Configuration:
AF_PACKET support: yes
PF_RING support: no
NFQueue support: yes
NFLOG support: no
IPFW support: no
DAG enabled: no
Napatech enabled: no
Unix socket enabled: yes
Detection enabled: yes
libnss support: yes
libnspr support: yes
libjansson support: yes
Prelude support: no
PCRE jit: yes
LUA support: yes
libluajit: yes
libgeoip: yes
Non-bundled htp: no
Old barnyard2 support: no
CUDA enabled: no
Suricatasc install: yes
Unit tests enabled: no
Debug output enabled: no
Debug validation enabled: no
Profiling enabled: no
Profiling locks enabled: no
Coccinelle / spatch: no

Generic build parameters:
Installation prefix (--prefix): /usr
Configuration directory (--sysconfdir): /etc/suricata/
Log directory (--localstatedir) : /var/log/suricata/

Host: i686-pc-linux-gnu
GCC binary: gcc
GCC Protect enabled: yes
GCC march native enabled: yes
GCC Profile enabled: no
[/code]

Best Regards,
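
The cross-check against /proc/net/netfilter/nfnetlink_queue used in the report can serve as a counter source while iface-stat has no NFQ numbers. The following is an added example, not part of the original ticket or of Suricata: the column meanings follow the Linux kernel's output for that file, `id_sequence` counts packets handed to userspace (a proxy for `pkts`), and treating a changed peer port id as a restart is an assumption.

```python
from typing import Dict, NamedTuple, Optional

class QueueStat(NamedTuple):
    """First eight columns of one line of the proc file, in kernel order."""
    queue_num: int
    peer_portid: int    # netlink port id of the process bound to the queue
    queue_total: int    # packets currently waiting for a verdict
    copy_mode: int
    copy_range: int
    queue_dropped: int  # dropped by the kernel because the queue was full
    user_dropped: int   # dropped because delivery to userspace failed
    id_sequence: int    # id of the last packet queued (32-bit counter)

def parse_nfqueue(text: str) -> Dict[int, QueueStat]:
    """Parse the proc file contents into {queue_num: QueueStat}."""
    stats = {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 8 or not all(f.isdigit() for f in fields[:8]):
            continue  # skip blank or malformed lines
        stat = QueueStat(*(int(f) for f in fields[:8]))
        stats[stat.queue_num] = stat
    return stats

def packets_between(old: QueueStat, new: QueueStat) -> Optional[int]:
    """Packets queued between two samples, or None if the queue was rebound."""
    if old.peer_portid != new.peer_portid:
        return None  # assumption: a new port id means Suricata restarted
    return (new.id_sequence - old.id_sequence) % 2**32  # tolerate wrap-around

def queue_deltas(old_text: str, new_text: str) -> Dict[int, Dict[str, Optional[int]]]:
    """Per-queue deltas named after the pkts and drop fields of iface-stat."""
    old, new = parse_nfqueue(old_text), parse_nfqueue(new_text)
    out = {}
    for num, cur in new.items():
        prev = old.get(num)
        if prev is None:
            continue  # queue did not exist at the first sample
        pkts = packets_between(prev, cur)
        drop = None if pkts is None else (
            cur.queue_dropped + cur.user_dropped
            - prev.queue_dropped - prev.user_dropped)
        out[num] = {"pkts": pkts, "drop": drop}
    return out

if __name__ == "__main__":
    first = "0 15214 0 2 65531 0 0 97427 1"    # first sample from the report
    second = "0 15214 0 2 65531 0 0 101646 1"  # second sample from the report
    print(queue_deltas(first, second))
```
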

Actions #1

Updated by Victor Julien over 7 years ago

  • Target version set to TBD

Such stats simply aren't implemented.

Related to #1116.

Actions #2

Updated by Andreas Herz about 6 years ago

  • Assignee set to Anonymous

Actions #3

Updated by Andreas Herz over 3 years ago

  • Assignee set to Community Ticket

Actions #4

Updated by Andreas Herz about 3 years ago

  • Status changed from New to Closed

Hi, we're closing this issue since there have been no further responses.
If you think this bug is still relevant, try to test it again with the
most recent version of suricata and reopen the issue. If you want to
improve the bug report please take a look at
https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Reporting_Bugs
