Actions
Bug #3419
closedaf-packet: cluster_id is not used when trying to set fanout support
Affected Versions:
Effort:
low
Difficulty:
low
Label:
Needs backport to 5.0, Needs backport to 6.0
Description
I was frequently getting the following error message
(source-af-packet.c:2013) <Error> (AFPIsFanoutSupported) -- [ERRCODE: SC_ERR_INVALID_VALUE(130)] - fanout not supported by kernel: Kernel too old or cluster-id 99 already in use.
After checking the kernel and cluster-id I realized that the id set in the config file is never used in the function below where the id is hard-coded to "1" and the variable cluster_id is used only in the error message:
suricata/src/source-af-packet.c
int AFPIsFanoutSupported(int cluster_id)
{
#ifdef HAVE_PACKET_FANOUT
int fd = socket(AF_PACKET, SOCK_RAW, htons(ETH_P_ALL));
if (fd < 0)
return 0;
uint16_t mode = PACKET_FANOUT_HASH | PACKET_FANOUT_FLAG_DEFRAG;
uint16_t id = 1;
uint32_t option = (mode << 16) | (id & 0xffff);
int r = setsockopt(fd, SOL_PACKET, PACKET_FANOUT,(void *)&option, sizeof(option));
close(fd);
if (r < 0) {
SCLogError(SC_ERR_INVALID_VALUE, "fanout not supported by kernel: "
"Kernel too old or cluster-id %d already in use.", cluster_id);
return 0;
}
return 1;
#else
return 0;
#endif
}
I believe that the line:
uint32_t option = (mode << 16) | (id & 0xffff);
should be changed to:
uint32_t option = (mode << 16) | (cluster_id & 0xffff);
Updated by Andreas Herz about 5 years ago
Can you add your configuration as well and how you run suricata? I can't reproduce it, but didn't look into the code details yet.
Updated by Victor Julien almost 5 years ago
- Assignee set to OISF Dev
- Priority changed from High to Normal
- Target version set to 5.0.2
Updated by Victor Julien almost 5 years ago
- Target version changed from 5.0.2 to 5.0.3
Updated by Victor Julien over 4 years ago
- Target version changed from 5.0.3 to 6.0.0beta1
Updated by Victor Julien over 4 years ago
- Target version changed from 6.0.0beta1 to 7.0.0-beta1
Updated by Jason Ish about 4 years ago
- Status changed from New to Assigned
- Assignee changed from OISF Dev to Jason Ish
Updated by Jason Ish over 3 years ago
- Status changed from Assigned to In Review
Updated by Victor Julien about 3 years ago
- Status changed from In Review to Closed
- Label Needs backport to 5.0, Needs backport to 6.0 added
Updated by Victor Julien about 3 years ago
- Subject changed from af_packet cluster_id is not used when trying to set fanout support. to af-packet: cluster_id is not used when trying to set fanout support
Updated by Jeff Lucovsky about 3 years ago
- Copied to Bug #4837: af-packet: cluster_id is not used when trying to set fanout support added
Updated by Jeff Lucovsky about 3 years ago
- Copied to Bug #4838: af-packet: cluster_id is not used when trying to set fanout support added
Actions