Actions
Bug #1414
closed[ERRCODE: SC_ERR_SOCKET(200)] - Sending packet failed on socket 11: Message too long
Status:
Closed
Priority:
Normal
Assignee:
-
Target version:
-
Affected Versions:
Effort:
Difficulty:
Label:
Description
I am running Suricata in AF_PACKET IPS mode, and I am seeing this error when MTU on two interfaces is 1500:
[ERRCODE: SC_ERR_SOCKET(200)] - Sending packet failed on socket 11: Message too long
No TCP traffic appears to be getting through at all.
Testing with iperf revealed that the connection works when MSS is 1458 and below. This would imply that there is a problem with packets larger than 1498 bytes (1458 + 40 TCP/IP header).
iperf -c 192.168.1.1 -M 1458
I then set the MTU of the interfaces Suricata was bound to to 1502. This allowed normal TCP traffic to get through.
The hardware here is unusual:
Exynos 5422 SoC (ARMv7)
ASIX AX88179 USB 3.0 GigE adapters
Kernel 3.17 (Fedora 21)
Suricata 2.07
GRO disabled on both interfaces.
From suricata.yaml:
af-packet: - interface: eth0 threads: 8 defrag: yes cluster-type: cluster_flow cluster-id: 98 copy-mode: ips copy-iface: eth1 buffer-size: 64535 use-mmap: yes - interface: eth1 threads: 8 cluster-id: 97 defrag: yes cluster-type: cluster_flow copy-mode: ips copy-iface: eth0 buffer-size: 64535 use-mmap: yes
These pair of interfaces work fine in a normal bridge config.
Actions