Support #2997: IPS AF_Packet mode and decoder invalid - Suricata - Open Information Security Foundation

Actions

Support #2997

closed

IPS AF_Packet mode and decoder invalid

Added by Leonid Inodin over 5 years ago. Updated about 5 years ago.

Status:

Closed

Priority:

Normal

Assignee:

Community Ticket

Affected Versions:

Label:

Description

When using Suricata in IPS AF_Packet mode with "threads: 1" in interfaces configs the latency is quite big (+ from 30 to 100+ in ICMP). If I use "threads: >1" (both interfaces), I got "decoder invalid" parameter is growing very fast. Suricata build 2019040702-0stamus0, kernel: Linux SELKS 4.9.0-9-amd64 #1 SMP Debian 4.9.168-1+deb9u2 (2019-05-13) x86_64 GNU/Linux.

Related issues 1 (0 open — 1 closed)

Actions

#1

Updated by Leonid Inodin over 5 years ago

Seems that using "defrag:no" parameter in config file solves thuis problem.

Actions

#2

Updated by Victor Julien over 5 years ago

Affected Versions deleted (~~5.0.0~~)

Actions

#3

Updated by Victor Julien over 5 years ago

Related to Bug #1778: af_packet: IPS and defrag added

Actions

#4

Updated by Andreas Herz over 5 years ago

Assignee set to Community Ticket
Target version set to TBD

Can you tell us a bit more about your setup, especially the hardware (NIC)?
What type of traffic it is as well?

Actions

#5

Updated by Victor Julien about 5 years ago

Status changed from New to Closed
Target version deleted (~~TBD~~)

Actions

#6

Updated by Victor Julien about 5 years ago

Tracker changed from Bug to Support

Actions

Also available in: Atom PDF