https://redmine.openinfosecfoundation.org/ 2016-05-03T09:12:09Z Open Information Security Foundation
Suricata - Bug #1778: af_packet: IPS and defrag https://redmine.openinfosecfoundation.org/issues/1778?journal_id=6733 2016-05-03T09:12:09Z Victor Julien victor@inliniac.net
<p>I think currently safe scenarios are:</p>
<p>workers mode with 1 thread per interface, af-packet defrag disabled<br />autofp mode with 1 thread per interface, af-packet defrag disabled</p>
<p>If the network is guaranteed to be free of fragmentation (e.g. firewall policy blocks it), multiple threads per interface can be used.</p>
Suricata - Bug #1778: af_packet: IPS and defrag https://redmine.openinfosecfoundation.org/issues/1778?journal_id=6734 2016-05-03T09:12:22Z Victor Julien victor@inliniac.net
<ul><li><strong>Status</strong> changed from <i>New</i> to <i>Assigned</i></li><li><strong>Priority</strong> changed from <i>Normal</i> to <i>High</i></li><li><strong>Target version</strong> set to <i>70</i></li></ul>
Suricata - Bug #1778: af_packet: IPS and defrag https://redmine.openinfosecfoundation.org/issues/1778?journal_id=6735 2016-05-03T09:13:05Z Victor Julien victor@inliniac.net
<p>Of the current cluster modes, could there be something that helps? E.g. cluster_cpu with some additional configs outside of suri?</p>
Suricata - Bug #1778: af_packet: IPS and defrag https://redmine.openinfosecfoundation.org/issues/1778?journal_id=7909 2017-02-10T03:48:52Z Victor Julien victor@inliniac.net
<ul><li><strong>Subject</strong> changed from <i>af_packet IPS and defrag</i> to <i>af_packet: IPS and defrag</i></li><li><strong>Description</strong> updated (<a title="View differences" href="/journals/7909/diff?detail_id=8290">diff</a>)</li></ul>
Suricata - Bug #1778: af_packet: IPS and defrag https://redmine.openinfosecfoundation.org/issues/1778?journal_id=10123 2018-08-08T21:21:26Z Eric Leblond eric@regit.org
<p>Cluster ebpf with ippair implementation should fix that. XDP CPU redirect will do too.</p>
Suricata - Bug #1778: af_packet: IPS and defrag https://redmine.openinfosecfoundation.org/issues/1778?journal_id=12354 2019-05-31T09:37:31Z Victor Julien victor@inliniac.net
<ul><li><strong>Related to</strong> <i><a class="issue tracker-3 status-5 priority-4 priority-default closed" href="/issues/2997">Support #2997</a>: IPS AF_Packet mode and decoder invalid</i> added</li></ul>
Suricata - Bug #1778: af_packet: IPS and defrag https://redmine.openinfosecfoundation.org/issues/1778?journal_id=14017 2019-09-27T13:12:22Z Victor Julien victor@inliniac.net
<ul><li><strong>Related to</strong> <i><a class="issue tracker-2 status-5 priority-4 priority-default closed" href="/issues/3011">Feature #3011</a>: Add new 'cluster_peer' runmode to allow for load balancing by IP header (src&lt;-&gt;dst) only</i> added</li></ul>
Suricata - Bug #1778: af_packet: IPS and defrag https://redmine.openinfosecfoundation.org/issues/1778?journal_id=14019 2019-09-27T13:13:27Z Victor Julien victor@inliniac.net
<p>Eric, now that <a class="issue tracker-2 status-5 priority-4 priority-default closed" title="Feature: Add new 'cluster_peer' runmode to allow for load balancing by IP header (src&lt;-&gt;dst) only (Closed)" href="https://redmine.openinfosecfoundation.org/issues/3011">#3011</a> is closed, do you think this one can be closed as well?</p>
Suricata - Bug #1778: af_packet: IPS and defrag https://redmine.openinfosecfoundation.org/issues/1778?journal_id=14020 2019-09-27T13:17:16Z Eric Leblond eric@regit.org
<p>I would say so. Maybe we need a check of documentation to really do so.</p>
Suricata - Bug #1778: af_packet: IPS and defrag https://redmine.openinfosecfoundation.org/issues/1778?journal_id=14113 2019-10-04T08:59:35Z Victor Julien victor@inliniac.net
<ul><li><strong>Status</strong> changed from <i>Assigned</i> to <i>Closed</i></li><li><strong>Priority</strong> changed from <i>High</i> to <i>Normal</i></li><li><strong>Target version</strong> changed from <i>70</i> to <i>5.0.0</i></li></ul><p><a class="external" href="https://github.com/OISF/suricata/pull/4257">https://github.com/OISF/suricata/pull/4257</a></p>