Bug #6009: dpdk: incorrect final stats - Suricata - Open Information Security Foundation

Actions

Copy link

Bug #6009

closed

LS LS

dpdk: incorrect final stats

Bug #6009: dpdk: incorrect final stats

Added by Lukas Sismis almost 3 years ago. Updated over 2 years ago.

Status:

Closed

Priority:

Normal

Assignee:

Lukas Sismis

Target version:

7.0.2

Affected Versions:

Effort:

Difficulty:

Label:

Description

In more performant deployments (on live networks) where Suricata has more cores/allocated bigger chunks of memory, it takes some time between getting out of the loop and getting into deinit phase of the DPDK module. During this, the NIC is still enabled and the NIC account the undelivered packets as missed (dropped). As a result, the final stats that are e.g. printed in ExitStats function are not valid and they propose worse result than what Suricata actually reached. (e.g. not dropping packets at all when running and during the deinit phase it can increase to 10% of dropped packets)

I can see two solutions:
- do not rely on the device stats after jumping out of the Loop function
- stop the device immediately as the loop is discontinued

VJ Updated by Victor Julien almost 3 years ago Actions
Copy link
#1

I think this is a generic issue that also affects other capture methods potentially. It can also happen during init. IIRC af-packet has some special logic for the init side.

LS Updated by Lukas Sismis almost 3 years ago Actions
Copy link
#2

Does it make sense to "fix" it (at least on the DPDK side)?
I can imagine I would be able to fix it but that would possibly change the logic a bit by moving starting/shutting process of the init/deinit stage to the loop directly to minimize the gap between the start/shutdown of the device and actual reading.