Project

General

Profile

Actions

Bug #3419

closed

af-packet: cluster_id is not used when trying to set fanout support

Added by Srinath M. almost 3 years ago. Updated 10 months ago.

Status:
Closed
Priority:
Normal
Assignee:
Target version:
Affected Versions:
Effort:
low
Difficulty:
low
Label:
Needs backport to 5.0, Needs backport to 6.0

Description

I was frequently getting the following error message

(source-af-packet.c:2013) <Error> (AFPIsFanoutSupported) -- [ERRCODE: SC_ERR_INVALID_VALUE(130)] - fanout not supported by kernel: Kernel too old or cluster-id 99 already in use.

After checking the kernel and cluster-id I realized that the id set in the config file is never used in the function below where the id is hard-coded to "1" and the variable cluster_id is used only in the error message:

suricata/src/source-af-packet.c

int AFPIsFanoutSupported(int cluster_id)
{
#ifdef HAVE_PACKET_FANOUT
    int fd = socket(AF_PACKET, SOCK_RAW, htons(ETH_P_ALL));
    if (fd < 0)
        return 0;

    uint16_t mode = PACKET_FANOUT_HASH | PACKET_FANOUT_FLAG_DEFRAG;
    uint16_t id = 1;
    uint32_t option = (mode << 16) | (id & 0xffff);
    int r = setsockopt(fd, SOL_PACKET, PACKET_FANOUT,(void *)&option, sizeof(option));
    close(fd);

    if (r < 0) {
        SCLogError(SC_ERR_INVALID_VALUE, "fanout not supported by kernel: " 
                "Kernel too old or cluster-id %d already in use.", cluster_id);
        return 0;
    }
    return 1;
#else
    return 0;
#endif
}

I believe that the line:

    uint32_t option = (mode << 16) | (id & 0xffff);

should be changed to:

    uint32_t option = (mode << 16) | (cluster_id & 0xffff);


Related issues 2 (0 open2 closed)

Copied to Bug #4837: af-packet: cluster_id is not used when trying to set fanout supportClosedShivani BhardwajActions
Copied to Bug #4838: af-packet: cluster_id is not used when trying to set fanout supportClosedJeff LucovskyActions
Actions #1

Updated by Andreas Herz almost 3 years ago

Can you add your configuration as well and how you run suricata? I can't reproduce it, but didn't look into the code details yet.

Actions #2

Updated by Victor Julien over 2 years ago

  • Assignee set to OISF Dev
  • Priority changed from High to Normal
  • Target version set to 5.0.2
Actions #3

Updated by Victor Julien over 2 years ago

  • Target version changed from 5.0.2 to 5.0.3
Actions #4

Updated by Victor Julien over 2 years ago

  • Target version changed from 5.0.3 to 6.0.0beta1
Actions #5

Updated by Victor Julien over 2 years ago

  • Target version changed from 6.0.0beta1 to 7.0rc1
Actions #6

Updated by Jason Ish almost 2 years ago

  • Status changed from New to Assigned
  • Assignee changed from OISF Dev to Jason Ish
Actions #7

Updated by Jason Ish about 1 year ago

  • Status changed from Assigned to In Review
Actions #8

Updated by Victor Julien 10 months ago

  • Status changed from In Review to Closed
  • Label Needs backport to 5.0, Needs backport to 6.0 added
Actions #9

Updated by Victor Julien 10 months ago

  • Subject changed from af_packet cluster_id is not used when trying to set fanout support. to af-packet: cluster_id is not used when trying to set fanout support
Actions #10

Updated by Jeff Lucovsky 10 months ago

  • Copied to Bug #4837: af-packet: cluster_id is not used when trying to set fanout support added
Actions #11

Updated by Jeff Lucovsky 10 months ago

  • Copied to Bug #4838: af-packet: cluster_id is not used when trying to set fanout support added
Actions

Also available in: Atom PDF