Project

General

Profile

Actions

Bug #3158

closed

'wrong thread' tracking inaccurate for bridging IPS modes

Added by Victor Julien over 5 years ago. Updated about 5 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Target version:
Affected Versions:
Effort:
Difficulty:
Label:

Description

When using IPS with AF_PACKET the worker threads are created per interface. So a connection/flow will be handled one interface for one side of the traffic and another interface for the opposing side. This means that by design different threads process a single flow.

The code should consider this when checking the 'wrong thread' logic.

AF_PACKET and NETMAP are affected.


Related issues 1 (1 open0 closed)

Related to Suricata - Optimization #2725: stream/packet on wrong threadFeedbackOISF DevActions
Actions #1

Updated by Victor Julien over 5 years ago

Actions #2

Updated by Victor Julien over 5 years ago

  • Description updated (diff)
Actions #3

Updated by Andreas Herz about 5 years ago

  • Assignee set to OISF Dev
  • Target version set to TBD
Actions #4

Updated by Srini J about 5 years ago

Hi Team,
Any estimate as to when this might be fixed? We are using NETMAP IPS mode and are affected by this issue.

Thanks,
Sj

Actions #5

Updated by Victor Julien about 5 years ago

  • Status changed from New to Closed
  • Assignee changed from OISF Dev to Victor Julien
  • Target version changed from TBD to 5.0rc1
Actions #6

Updated by Srini J about 5 years ago

Victor Julien wrote:

Should be fixed in the git master:

https://github.com/OISF/suricata/pull/4188
https://github.com/OISF/suricata/pull/4188/commits/7cabb025ea530cc97b033cbca55e87053a32fd00

Thanks you for the quick response. Will try it out.

Regards,
Sj

Actions

Also available in: Atom PDF