Project

General

Profile

Actions
Copy link

Bug #1556

closed

MTU setting on NIC interface not considered by af-packet

Added by Peter Manev almost 10 years ago. Updated over 8 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Eric Leblond
Target version:
3.0RC1
Affected Versions:
Effort:
Difficulty:
Label:

Description

When manually changed the MTU if the interface (eth0) to 2800 - just for a test purpose:


root@LTS-64-1:~ # ifconfig
docker0   Link encap:Ethernet  HWaddr 02:42:33:a5:fe:b7
          inet addr:172.17.42.1  Bcast:0.0.0.0  Mask:255.255.0.0
          UP BROADCAST MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

eth0      Link encap:Ethernet  HWaddr 08:00:27:bf:4f:8a
          inet addr:10.0.2.15  Bcast:10.0.2.255  Mask:255.255.255.0
          inet6 addr: fe80::a00:27ff:febf:4f8a/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  *MTU:2800*  Metric:1
          RX packets:28636 errors:0 dropped:0 overruns:0 frame:0
          TX packets:17366 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:18405349 (18.4 MB)  TX bytes:2638374 (2.6 MB)

but when Suri is started ...it seems af-packet is still using 1500 as the
packet size - aka not taking the MTU into account when no explicit
setting is defined in suricata.yaml :

23:01:43 - (flow-manager.c:881) <Info>
(FlowRecyclerThreadSpawn) -- using 1 flow recycler threads
23:01:43 - (tm-threads.c:2001) <Notice>
(TmThreadWaitOnThreadInit) -- all 2 packet processing threads, 4
management threads initialized, engine started.
23:01:43 - (source-af-packet.c:1365) <Info>
(AFPComputeRingParams) -- AF_PACKET RX Ring params: block_size=32768
block_nr=103 frame_size=1584 frame_nr=2060
23:01:43 - (source-af-packet.c:1573) <Info>
(AFPCreateSocket) -- Using interface 'eth0' via socket 7
23:01:43 - (source-af-packet.c:1157) <Info>
(ReceiveAFPLoop) -- Thread AFPacketeth01 using socket 7
23:01:43 - (source-af-packet.c:1365) <Info>
(AFPComputeRingParams) -- AF_PACKET RX Ring params: block_size=32768
block_nr=103 frame_size=1584 frame_nr=2060
23:01:43 - (source-af-packet.c:1573) <Info>
(AFPCreateSocket) -- Using interface 'eth0' via socket 8
23:01:43 - (source-af-packet.c:454) <Info>
(AFPPeersListReachedInc) -- All AFP capture threads are running.

Actions
Copy link
 #1

Updated by Alexander Gozman almost 10 years ago

Maybe it's not a bug but a feature? ;) Is default-packet-size specified in suricata's configuration file? AFAIK suricata checks MTU only if default-packet-size is 0 or unspecified.

Actions
Copy link
 #2

Updated by Eric Leblond almost 10 years ago

It works for me (tm) using latest git and when specifying the iface on the command line. But when you have two ifaces you need to setup default-packet-size to the max value or value of first iface will be used. I will submit a PR to improve that.

Actions
Copy link
 #3

Updated by Eric Leblond almost 10 years ago

  • Status changed from New to Closed
Actions
Copy link
 #4

Updated by Kristopher Kolpin over 8 years ago

Please see the following issue at:

https://redmine.pfsense.org/issues/7388

Actions
Copy link

Also available in: Atom PDF