Project

General

Profile

Actions

Bug #4800

closed

af-packet: flag colision between kernel and Suricata

Added by Victor Julien about 3 years ago. Updated about 3 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Target version:
Affected Versions:
Effort:
Difficulty:
Label:

Description

Suricata sets a flag to keep track of frames in the ring that are still being processed in autofp. This may have been an unused flag at some time, but in a current kernel it might be set.

src/source-af-packet.c:#define TP_STATUS_USER_BUSY     BIT_U32(31)

include/uapi/linux/if_packet.h:#define TP_STATUS_TS_RAW_HARDWARE        (1U << 31)
Actions

Also available in: Atom PDF