Bug #653

closed

unable to disable detect thread on stop signal

Added by Peter Manev about 10 years ago. Updated about 10 years ago.

Status: Closed
Priority: Normal

Description

^C
[21434] 2/12/2012 -- 17:54:53 - (suricata.c:2013) <Info> (main) -- Signal Received.  Stopping engine.
[21467] 2/12/2012 -- 17:54:53 - (flow-manager.c:554) <Info> (FlowManagerThread) -- 0 new flows, 0 established flows were timed out, 0 flows in closed state
[21434] 2/12/2012 -- 17:56:28 - (tm-threads.c:1736) <Error> (TmThreadDisableThreadsWithTMS) -- *[ERRCODE: SC_ERR_FATAL(171)] - Engine unable to disable detect thread* - "AFPacketeth31".  Killing engine

I get that on a regular basis when doing a simple Ctrl+C - seemingly it does take a minute to shut down Suricata.

thanks

Actions #1

Updated by Victor Julien about 10 years ago

Need more info: version, runmode and in general steps to reproduce it.

Actions #2

Updated by Victor Julien about 10 years ago

  • Status changed from New to Assigned
  • Assignee set to Anoop Saldanha
  • Target version set to 1.4

Actions #3

Updated by Peter Manev about 10 years ago

Hi,
Yes - latest git master, afpacket, workers:

[17980] 11/12/2012 -- 19:11:39 - (suricata.c:560) <Info> (SCPrintBuildInfo) -- This is Suricata version 1.4dev (rev 150b0c5)
[17980] 11/12/2012 -- 19:11:39 - (suricata.c:633) <Info> (SCPrintBuildInfo) -- Features: PCAP_SET_BUFF LIBPCAP_VERSION_MAJOR=1 PF_RING AF_PACKET HAVE_PACKET_FANOUT LIBCAP_NG LIBNET1.1 HAVE_HTP_URI_NORMALIZE_HOOK HAVE_HTP_TX_GET_RESPONSE_HEADERS_RAW HAVE_NSS PROFILING
[17980] 11/12/2012 -- 19:11:39 - (suricata.c:647) <Info> (SCPrintBuildInfo) -- 64-bits, Little-endian architecture
[17980] 11/12/2012 -- 19:11:39 - (suricata.c:649) <Info> (SCPrintBuildInfo) -- GCC version 4.6.3, C version 199901
[17980] 11/12/2012 -- 19:11:39 - (suricata.c:655) <Info> (SCPrintBuildInfo) -- __GCC_HAVE_SYNC_COMPARE_AND_SWAP_1
[17980] 11/12/2012 -- 19:11:39 - (suricata.c:658) <Info> (SCPrintBuildInfo) -- __GCC_HAVE_SYNC_COMPARE_AND_SWAP_2
[17980] 11/12/2012 -- 19:11:39 - (suricata.c:661) <Info> (SCPrintBuildInfo) -- __GCC_HAVE_SYNC_COMPARE_AND_SWAP_4
[17980] 11/12/2012 -- 19:11:39 - (suricata.c:664) <Info> (SCPrintBuildInfo) -- __GCC_HAVE_SYNC_COMPARE_AND_SWAP_8
[17980] 11/12/2012 -- 19:11:39 - (suricata.c:667) <Info> (SCPrintBuildInfo) -- __GCC_HAVE_SYNC_COMPARE_AND_SWAP_16
[17980] 11/12/2012 -- 19:11:39 - (suricata.c:671) <Info> (SCPrintBuildInfo) -- compiled with -fstack-protector
[17980] 11/12/2012 -- 19:11:39 - (suricata.c:677) <Info> (SCPrintBuildInfo) -- compiled with _FORTIFY_SOURCE=2
[17980] 11/12/2012 -- 19:11:39 - (suricata.c:680) <Info> (SCPrintBuildInfo) -- compiled with libhtp 0.2.11, linked against 0.2.11

sudo /usr/local/bin/suricata -c /etc/suricata/regit-yaml/suricata-20120912.yaml --af-packet=eth3
[28146] 11/12/2012 -- 19:27:21 - (suricata.c:1260) <Info> (main) -- This is Suricata version 1.4dev (rev a55ff64)
[28146] 11/12/2012 -- 19:27:21 - (util-cpu.c:166) <Info> (UtilCpuPrintSummary) -- CPUs/cores online: 16
[28146] 11/12/2012 -- 19:27:21 - (util-ioctl.c:91) <Info> (GetIfaceMTU) -- Found an MTU of 1500 for 'eth3'
[28146] 11/12/2012 -- 19:27:21 - (defrag-hash.c:203) <Info> (DefragInitConfig) -- allocated 229376 bytes of memory for the defrag hash... 4096 buckets of size 56
[28146] 11/12/2012 -- 19:27:21 - (defrag-hash.c:228) <Info> (DefragInitConfig) -- preallocated 65535 defrag trackers of size 144
[28146] 11/12/2012 -- 19:27:21 - (defrag-hash.c:235) <Info> (DefragInitConfig) -- defrag memory usage: 9666416 bytes, maximum: 16777216
[28146] 11/12/2012 -- 19:27:21 - (tmqh-flow.c:76) <Info> (TmqhFlowRegister) -- AutoFP mode using default "Active Packets" flow load balancer
[28146] 11/12/2012 -- 19:27:21 - (tmqh-packetpool.c:130) <Info> (PacketPoolInit) -- preallocated 512 packets. Total memory 2877440
[28146] 11/12/2012 -- 19:27:21 - (host.c:204) <Info> (HostInitConfig) -- allocated 229376 bytes of memory for the host hash... 4096 buckets of size 56
[28146] 11/12/2012 -- 19:27:21 - (host.c:227) <Info> (HostInitConfig) -- preallocated 1000 hosts of size 120
[28146] 11/12/2012 -- 19:27:21 - (host.c:229) <Info> (HostInitConfig) -- host memory usage: 349376 bytes, maximum: 16777216
[28146] 11/12/2012 -- 19:27:21 - (flow.c:412) <Info> (FlowInitConfig) -- allocated 58720256 bytes of memory for the flow hash... 1048576 buckets of size 56
[28146] 11/12/2012 -- 19:27:22 - (flow.c:436) <Info> (FlowInitConfig) -- preallocated 1048576 flows of size 272
[28146] 11/12/2012 -- 19:27:22 - (flow.c:438) <Info> (FlowInitConfig) -- flow memory usage: 343932928 bytes, maximum: 17179869184
[28146] 11/12/2012 -- 19:27:22 - (reputation.c:426) <Info> (SRepInit) -- IP reputation disabled
[28146] 11/12/2012 -- 19:27:22 - (util-magic.c:61) <Info> (MagicInit) -- using magic-file /usr/share/file/magic
[28146] 11/12/2012 -- 19:27:22 - (suricata.c:1848) <Info> (main) -- Delayed detect disabled
[28146] 11/12/2012 -- 19:27:24 - (detect.c:449) <Info> (SigLoadSignatures) -- 13 rule files processed. 7343 rules successfully loaded, 0 rules failed
[28146] 11/12/2012 -- 19:27:27 - (detect.c:2626) <Info> (SigAddressPrepareStage1) -- 7350 signatures processed. 85 are IP-only rules, 2398 are inspecting packet payload, 5741 inspect application layer, 0 are decoder event only
[28146] 11/12/2012 -- 19:27:27 - (detect.c:2629) <Info> (SigAddressPrepareStage1) -- building signature grouping structure, stage 1: adding signatures to signature source addresses... complete
[28146] 11/12/2012 -- 19:27:27 - (detect.c:3255) <Info> (SigAddressPrepareStage2) -- building signature grouping structure, stage 2: building source address list... complete
[28146] 11/12/2012 -- 19:28:47 - (detect.c:3915) <Info> (SigAddressPrepareStage3) -- building signature grouping structure, stage 3: building destination address lists... complete
[28146] 11/12/2012 -- 19:28:47 - (util-profiling-rules.c:551) <Info> (SCProfilingRuleInitCounters) -- Registered 7350 rule profiling counters.
[28146] 11/12/2012 -- 19:28:47 - (util-threshold-config.c:982) <Info> (SCThresholdConfParseFile) -- Threshold config parsed: 0 rule(s) found
[28146] 11/12/2012 -- 19:28:47 - (util-coredump-config.c:122) <Info> (CoredumpLoadConfig) -- Core dump size set to unlimited.
[28146] 11/12/2012 -- 19:28:47 - (util-logopenfile.c:169) <Info> (SCConfLogOpenGeneric) -- fast output device (regular) initialized: fast.log
[28146] 11/12/2012 -- 19:28:47 - (util-logopenfile.c:169) <Info> (SCConfLogOpenGeneric) -- http-log output device (regular) initialized: http.log
[28146] 11/12/2012 -- 19:28:47 - (log-filestore.c:629) <Info> (LogFilestoreLogInitCtx) -- loading waldo file /var/data/regit/log/suricata//file.waldo
[28146] 11/12/2012 -- 19:28:47 - (log-filestore.c:527) <Info> (LogFilestoreLogLoadWaldo) -- couldn't open waldo: No such file or directory
[28146] 11/12/2012 -- 19:28:47 - (log-filestore.c:632) <Info> (LogFilestoreLogInitCtx) -- storing files in /var/data/regit/log/suricata//files
[28146] 11/12/2012 -- 19:28:47 - (util-affinity.c:217) <Info> (AffinitySetupLoadFromConfig) -- Found affinity definition for "management-cpu-set" 
[28146] 11/12/2012 -- 19:28:47 - (util-affinity.c:265) <Info> (AffinitySetupLoadFromConfig) -- Using default prio 'low'
[28146] 11/12/2012 -- 19:28:47 - (util-affinity.c:217) <Info> (AffinitySetupLoadFromConfig) -- Found affinity definition for "receive-cpu-set" 
[28146] 11/12/2012 -- 19:28:47 - (util-affinity.c:217) <Info> (AffinitySetupLoadFromConfig) -- Found affinity definition for "decode-cpu-set" 
[28146] 11/12/2012 -- 19:28:47 - (util-affinity.c:217) <Info> (AffinitySetupLoadFromConfig) -- Found affinity definition for "stream-cpu-set" 
[28146] 11/12/2012 -- 19:28:47 - (util-affinity.c:217) <Info> (AffinitySetupLoadFromConfig) -- Found affinity definition for "detect-cpu-set" 
[28146] 11/12/2012 -- 19:28:47 - (util-affinity.c:265) <Info> (AffinitySetupLoadFromConfig) -- Using default prio 'high'
[28146] 11/12/2012 -- 19:28:47 - (util-affinity.c:217) <Info> (AffinitySetupLoadFromConfig) -- Found affinity definition for "verdict-cpu-set" 
[28146] 11/12/2012 -- 19:28:47 - (util-affinity.c:265) <Info> (AffinitySetupLoadFromConfig) -- Using default prio 'high'
[28146] 11/12/2012 -- 19:28:47 - (util-affinity.c:217) <Info> (AffinitySetupLoadFromConfig) -- Found affinity definition for "reject-cpu-set" 
[28146] 11/12/2012 -- 19:28:47 - (util-affinity.c:265) <Info> (AffinitySetupLoadFromConfig) -- Using default prio 'low'
[28146] 11/12/2012 -- 19:28:47 - (util-affinity.c:217) <Info> (AffinitySetupLoadFromConfig) -- Found affinity definition for "output-cpu-set" 
[28146] 11/12/2012 -- 19:28:47 - (util-affinity.c:265) <Info> (AffinitySetupLoadFromConfig) -- Using default prio 'medium'
[28146] 11/12/2012 -- 19:28:47 - (runmode-af-packet.c:190) <Info> (ParseAFPConfig) -- Enabling mmaped capture on iface eth3
[28146] 11/12/2012 -- 19:28:47 - (runmode-af-packet.c:257) <Info> (ParseAFPConfig) -- Using cpu cluster mode for AF_PACKET (iface eth3)
[28146] 11/12/2012 -- 19:28:47 - (util-runmodes.c:623) <Info> (RunModeSetLiveCaptureWorkersForDevice) -- Going to use 16 thread(s)
[28401] 11/12/2012 -- 19:28:47 - (util-affinity.c:319) <Info> (AffinityGetNextCPU) -- Setting affinity on CPU 0
[28401] 11/12/2012 -- 19:28:47 - (tm-threads.c:1292) <Info> (TmThreadSetupOptions) -- Setting prio -2 for "AFPacketeth31" Module to cpu/core 0, thread id 28401
[28401] 11/12/2012 -- 19:28:47 - (source-af-packet.c:1525) <Info> (ReceiveAFPThreadInit) -- Enabling zero copy mode
[28401] 11/12/2012 -- 19:28:47 - (source-af-packet.c:1535) <Info> (ReceiveAFPThreadInit) -- Enabling zero copy mode by using data release call
[28402] 11/12/2012 -- 19:28:47 - (util-affinity.c:319) <Info> (AffinityGetNextCPU) -- Setting affinity on CPU 1
[28402] 11/12/2012 -- 19:28:47 - (tm-threads.c:1292) <Info> (TmThreadSetupOptions) -- Setting prio -2 for "AFPacketeth32" Module to cpu/core 1, thread id 28402
[28402] 11/12/2012 -- 19:28:47 - (source-af-packet.c:1525) <Info> (ReceiveAFPThreadInit) -- Enabling zero copy mode
[28402] 11/12/2012 -- 19:28:47 - (source-af-packet.c:1535) <Info> (ReceiveAFPThreadInit) -- Enabling zero copy mode by using data release call
[28403] 11/12/2012 -- 19:28:47 - (util-affinity.c:319) <Info> (AffinityGetNextCPU) -- Setting affinity on CPU 2
[28403] 11/12/2012 -- 19:28:47 - (tm-threads.c:1292) <Info> (TmThreadSetupOptions) -- Setting prio -2 for "AFPacketeth33" Module to cpu/core 2, thread id 28403
[28403] 11/12/2012 -- 19:28:47 - (source-af-packet.c:1525) <Info> (ReceiveAFPThreadInit) -- Enabling zero copy mode
[28403] 11/12/2012 -- 19:28:47 - (source-af-packet.c:1535) <Info> (ReceiveAFPThreadInit) -- Enabling zero copy mode by using data release call
[28404] 11/12/2012 -- 19:28:47 - (util-affinity.c:319) <Info> (AffinityGetNextCPU) -- Setting affinity on CPU 3
[28404] 11/12/2012 -- 19:28:47 - (tm-threads.c:1292) <Info> (TmThreadSetupOptions) -- Setting prio -2 for "AFPacketeth34" Module to cpu/core 3, thread id 28404
[28404] 11/12/2012 -- 19:28:47 - (source-af-packet.c:1525) <Info> (ReceiveAFPThreadInit) -- Enabling zero copy mode
[28404] 11/12/2012 -- 19:28:47 - (source-af-packet.c:1535) <Info> (ReceiveAFPThreadInit) -- Enabling zero copy mode by using data release call
[28405] 11/12/2012 -- 19:28:47 - (util-affinity.c:319) <Info> (AffinityGetNextCPU) -- Setting affinity on CPU 4
[28405] 11/12/2012 -- 19:28:47 - (tm-threads.c:1292) <Info> (TmThreadSetupOptions) -- Setting prio -2 for "AFPacketeth35" Module to cpu/core 4, thread id 28405
[28405] 11/12/2012 -- 19:28:47 - (source-af-packet.c:1525) <Info> (ReceiveAFPThreadInit) -- Enabling zero copy mode
[28405] 11/12/2012 -- 19:28:47 - (source-af-packet.c:1535) <Info> (ReceiveAFPThreadInit) -- Enabling zero copy mode by using data release call
[28406] 11/12/2012 -- 19:28:47 - (util-affinity.c:319) <Info> (AffinityGetNextCPU) -- Setting affinity on CPU 5
[28406] 11/12/2012 -- 19:28:47 - (tm-threads.c:1292) <Info> (TmThreadSetupOptions) -- Setting prio -2 for "AFPacketeth36" Module to cpu/core 5, thread id 28406
[28406] 11/12/2012 -- 19:28:47 - (source-af-packet.c:1525) <Info> (ReceiveAFPThreadInit) -- Enabling zero copy mode
[28406] 11/12/2012 -- 19:28:47 - (source-af-packet.c:1535) <Info> (ReceiveAFPThreadInit) -- Enabling zero copy mode by using data release call
[28407] 11/12/2012 -- 19:28:47 - (util-affinity.c:319) <Info> (AffinityGetNextCPU) -- Setting affinity on CPU 6
[28407] 11/12/2012 -- 19:28:47 - (tm-threads.c:1292) <Info> (TmThreadSetupOptions) -- Setting prio -2 for "AFPacketeth37" Module to cpu/core 6, thread id 28407
[28407] 11/12/2012 -- 19:28:47 - (source-af-packet.c:1525) <Info> (ReceiveAFPThreadInit) -- Enabling zero copy mode
[28407] 11/12/2012 -- 19:28:47 - (source-af-packet.c:1535) <Info> (ReceiveAFPThreadInit) -- Enabling zero copy mode by using data release call
[28408] 11/12/2012 -- 19:28:47 - (util-affinity.c:319) <Info> (AffinityGetNextCPU) -- Setting affinity on CPU 7
[28408] 11/12/2012 -- 19:28:47 - (tm-threads.c:1292) <Info> (TmThreadSetupOptions) -- Setting prio -2 for "AFPacketeth38" Module to cpu/core 7, thread id 28408
[28408] 11/12/2012 -- 19:28:47 - (source-af-packet.c:1525) <Info> (ReceiveAFPThreadInit) -- Enabling zero copy mode
[28408] 11/12/2012 -- 19:28:47 - (source-af-packet.c:1535) <Info> (ReceiveAFPThreadInit) -- Enabling zero copy mode by using data release call
[28409] 11/12/2012 -- 19:28:47 - (util-affinity.c:319) <Info> (AffinityGetNextCPU) -- Setting affinity on CPU 8
[28409] 11/12/2012 -- 19:28:47 - (tm-threads.c:1292) <Info> (TmThreadSetupOptions) -- Setting prio -2 for "AFPacketeth39" Module to cpu/core 8, thread id 28409
[28409] 11/12/2012 -- 19:28:47 - (source-af-packet.c:1525) <Info> (ReceiveAFPThreadInit) -- Enabling zero copy mode
[28409] 11/12/2012 -- 19:28:47 - (source-af-packet.c:1535) <Info> (ReceiveAFPThreadInit) -- Enabling zero copy mode by using data release call
[28410] 11/12/2012 -- 19:28:47 - (util-affinity.c:319) <Info> (AffinityGetNextCPU) -- Setting affinity on CPU 9
[28410] 11/12/2012 -- 19:28:47 - (tm-threads.c:1292) <Info> (TmThreadSetupOptions) -- Setting prio -2 for "AFPacketeth310" Module to cpu/core 9, thread id 28410
[28410] 11/12/2012 -- 19:28:47 - (source-af-packet.c:1525) <Info> (ReceiveAFPThreadInit) -- Enabling zero copy mode
[28410] 11/12/2012 -- 19:28:47 - (source-af-packet.c:1535) <Info> (ReceiveAFPThreadInit) -- Enabling zero copy mode by using data release call
[28411] 11/12/2012 -- 19:28:47 - (util-affinity.c:319) <Info> (AffinityGetNextCPU) -- Setting affinity on CPU 10
[28411] 11/12/2012 -- 19:28:47 - (tm-threads.c:1292) <Info> (TmThreadSetupOptions) -- Setting prio -2 for "AFPacketeth311" Module to cpu/core 10, thread id 28411
[28411] 11/12/2012 -- 19:28:47 - (source-af-packet.c:1525) <Info> (ReceiveAFPThreadInit) -- Enabling zero copy mode
[28411] 11/12/2012 -- 19:28:47 - (source-af-packet.c:1535) <Info> (ReceiveAFPThreadInit) -- Enabling zero copy mode by using data release call
[28412] 11/12/2012 -- 19:28:47 - (util-affinity.c:319) <Info> (AffinityGetNextCPU) -- Setting affinity on CPU 11
[28412] 11/12/2012 -- 19:28:47 - (tm-threads.c:1292) <Info> (TmThreadSetupOptions) -- Setting prio -2 for "AFPacketeth312" Module to cpu/core 11, thread id 28412
[28412] 11/12/2012 -- 19:28:47 - (source-af-packet.c:1525) <Info> (ReceiveAFPThreadInit) -- Enabling zero copy mode
[28412] 11/12/2012 -- 19:28:47 - (source-af-packet.c:1535) <Info> (ReceiveAFPThreadInit) -- Enabling zero copy mode by using data release call
[28413] 11/12/2012 -- 19:28:47 - (util-affinity.c:319) <Info> (AffinityGetNextCPU) -- Setting affinity on CPU 12
[28413] 11/12/2012 -- 19:28:47 - (tm-threads.c:1292) <Info> (TmThreadSetupOptions) -- Setting prio -2 for "AFPacketeth313" Module to cpu/core 12, thread id 28413
[28413] 11/12/2012 -- 19:28:47 - (source-af-packet.c:1525) <Info> (ReceiveAFPThreadInit) -- Enabling zero copy mode
[28413] 11/12/2012 -- 19:28:47 - (source-af-packet.c:1535) <Info> (ReceiveAFPThreadInit) -- Enabling zero copy mode by using data release call
[28414] 11/12/2012 -- 19:28:47 - (util-affinity.c:319) <Info> (AffinityGetNextCPU) -- Setting affinity on CPU 13
[28414] 11/12/2012 -- 19:28:47 - (tm-threads.c:1292) <Info> (TmThreadSetupOptions) -- Setting prio -2 for "AFPacketeth314" Module to cpu/core 13, thread id 28414
[28414] 11/12/2012 -- 19:28:47 - (source-af-packet.c:1525) <Info> (ReceiveAFPThreadInit) -- Enabling zero copy mode
[28414] 11/12/2012 -- 19:28:47 - (source-af-packet.c:1535) <Info> (ReceiveAFPThreadInit) -- Enabling zero copy mode by using data release call
[28415] 11/12/2012 -- 19:28:47 - (util-affinity.c:319) <Info> (AffinityGetNextCPU) -- Setting affinity on CPU 14
[28415] 11/12/2012 -- 19:28:47 - (tm-threads.c:1292) <Info> (TmThreadSetupOptions) -- Setting prio -2 for "AFPacketeth315" Module to cpu/core 14, thread id 28415
[28415] 11/12/2012 -- 19:28:47 - (source-af-packet.c:1525) <Info> (ReceiveAFPThreadInit) -- Enabling zero copy mode
[28415] 11/12/2012 -- 19:28:47 - (source-af-packet.c:1535) <Info> (ReceiveAFPThreadInit) -- Enabling zero copy mode by using data release call
[28416] 11/12/2012 -- 19:28:47 - (util-affinity.c:319) <Info> (AffinityGetNextCPU) -- Setting affinity on CPU 15
[28416] 11/12/2012 -- 19:28:47 - (tm-threads.c:1292) <Info> (TmThreadSetupOptions) -- Setting prio -2 for "AFPacketeth316" Module to cpu/core 15, thread id 28416
[28416] 11/12/2012 -- 19:28:47 - (source-af-packet.c:1525) <Info> (ReceiveAFPThreadInit) -- Enabling zero copy mode
[28416] 11/12/2012 -- 19:28:47 - (source-af-packet.c:1535) <Info> (ReceiveAFPThreadInit) -- Enabling zero copy mode by using data release call
[28146] 11/12/2012 -- 19:28:47 - (runmode-af-packet.c:518) <Info> (RunModeIdsAFPWorkers) -- RunModeIdsAFPWorkers initialised
[28417] 11/12/2012 -- 19:28:47 - (tm-threads.c:1298) <Info> (TmThreadSetupOptions) -- Setting prio 2 for "FlowManagerThread" thread , thread id 28417
[28146] 11/12/2012 -- 19:28:47 - (stream-tcp.c:337) <Info> (StreamTcpInitConfig) -- stream "max-sessions": 20000000
[28146] 11/12/2012 -- 19:28:47 - (stream-tcp.c:349) <Info> (StreamTcpInitConfig) -- stream "prealloc-sessions": 10000000
[28146] 11/12/2012 -- 19:28:47 - (stream-tcp.c:365) <Info> (StreamTcpInitConfig) -- stream "memcap": 17179869184
[28146] 11/12/2012 -- 19:28:47 - (stream-tcp.c:371) <Info> (StreamTcpInitConfig) -- stream "midstream" session pickups: disabled
[28146] 11/12/2012 -- 19:28:47 - (stream-tcp.c:377) <Info> (StreamTcpInitConfig) -- stream "async-oneside": disabled
[28146] 11/12/2012 -- 19:28:47 - (stream-tcp.c:394) <Info> (StreamTcpInitConfig) -- stream "checksum-validation": disabled
[28146] 11/12/2012 -- 19:28:47 - (stream-tcp.c:416) <Info> (StreamTcpInitConfig) -- stream."inline": disabled
[28146] 11/12/2012 -- 19:28:47 - (stream-tcp.c:434) <Info> (StreamTcpInitConfig) -- stream.reassembly "memcap": 12884901888
[28146] 11/12/2012 -- 19:28:47 - (stream-tcp.c:452) <Info> (StreamTcpInitConfig) -- stream.reassembly "depth": 12582912
[28146] 11/12/2012 -- 19:28:47 - (stream-tcp.c:493) <Info> (StreamTcpInitConfig) -- stream.reassembly "toserver-chunk-size": 2560
[28146] 11/12/2012 -- 19:28:47 - (stream-tcp.c:495) <Info> (StreamTcpInitConfig) -- stream.reassembly "toclient-chunk-size": 2560
[28418] 11/12/2012 -- 19:28:49 - (tm-threads.c:1298) <Info> (TmThreadSetupOptions) -- Setting prio 2 for "SCPerfWakeupThread" thread , thread id 28418
[28419] 11/12/2012 -- 19:28:49 - (tm-threads.c:1298) <Info> (TmThreadSetupOptions) -- Setting prio 2 for "SCPerfMgmtThread" thread , thread id 28419
[28146] 11/12/2012 -- 19:28:49 - (tm-threads.c:2150) <Info> (TmThreadWaitOnThreadInit) -- all 16 packet processing threads, 3 management threads initialized, engine started.
[28401] 11/12/2012 -- 19:28:49 - (source-af-packet.c:1164) <Info> (AFPComputeRingParams) -- AF_PACKET RX Ring params: block_size=32768 block_nr=15001 frame_size=1584 frame_nr=300020
[28401] 11/12/2012 -- 19:28:49 - (source-af-packet.c:1352) <Info> (AFPCreateSocket) -- Using interface 'eth3' via socket 7
[28401] 11/12/2012 -- 19:28:49 - (source-af-packet.c:963) <Info> (ReceiveAFPLoop) -- Thread AFPacketeth31 using socket 7
[28402] 11/12/2012 -- 19:28:49 - (source-af-packet.c:1164) <Info> (AFPComputeRingParams) -- AF_PACKET RX Ring params: block_size=32768 block_nr=15001 frame_size=1584 frame_nr=300020
[28402] 11/12/2012 -- 19:28:49 - (source-af-packet.c:1352) <Info> (AFPCreateSocket) -- Using interface 'eth3' via socket 8
[28402] 11/12/2012 -- 19:28:49 - (source-af-packet.c:963) <Info> (ReceiveAFPLoop) -- Thread AFPacketeth32 using socket 8
[28403] 11/12/2012 -- 19:28:49 - (source-af-packet.c:1164) <Info> (AFPComputeRingParams) -- AF_PACKET RX Ring params: block_size=32768 block_nr=15001 frame_size=1584 frame_nr=300020
[28403] 11/12/2012 -- 19:28:49 - (source-af-packet.c:1352) <Info> (AFPCreateSocket) -- Using interface 'eth3' via socket 9
[28403] 11/12/2012 -- 19:28:49 - (source-af-packet.c:963) <Info> (ReceiveAFPLoop) -- Thread AFPacketeth33 using socket 9
[28404] 11/12/2012 -- 19:28:49 - (source-af-packet.c:1164) <Info> (AFPComputeRingParams) -- AF_PACKET RX Ring params: block_size=32768 block_nr=15001 frame_size=1584 frame_nr=300020
[28404] 11/12/2012 -- 19:28:49 - (source-af-packet.c:1352) <Info> (AFPCreateSocket) -- Using interface 'eth3' via socket 10
[28404] 11/12/2012 -- 19:28:49 - (source-af-packet.c:963) <Info> (ReceiveAFPLoop) -- Thread AFPacketeth34 using socket 10
[28405] 11/12/2012 -- 19:28:49 - (source-af-packet.c:1164) <Info> (AFPComputeRingParams) -- AF_PACKET RX Ring params: block_size=32768 block_nr=15001 frame_size=1584 frame_nr=300020
[28405] 11/12/2012 -- 19:28:49 - (source-af-packet.c:1352) <Info> (AFPCreateSocket) -- Using interface 'eth3' via socket 11
[28405] 11/12/2012 -- 19:28:49 - (source-af-packet.c:963) <Info> (ReceiveAFPLoop) -- Thread AFPacketeth35 using socket 11
[28406] 11/12/2012 -- 19:28:49 - (source-af-packet.c:1164) <Info> (AFPComputeRingParams) -- AF_PACKET RX Ring params: block_size=32768 block_nr=15001 frame_size=1584 frame_nr=300020
[28406] 11/12/2012 -- 19:28:50 - (source-af-packet.c:1352) <Info> (AFPCreateSocket) -- Using interface 'eth3' via socket 12
[28406] 11/12/2012 -- 19:28:50 - (source-af-packet.c:963) <Info> (ReceiveAFPLoop) -- Thread AFPacketeth36 using socket 12
[28407] 11/12/2012 -- 19:28:50 - (source-af-packet.c:1164) <Info> (AFPComputeRingParams) -- AF_PACKET RX Ring params: block_size=32768 block_nr=15001 frame_size=1584 frame_nr=300020
[28407] 11/12/2012 -- 19:28:50 - (source-af-packet.c:1352) <Info> (AFPCreateSocket) -- Using interface 'eth3' via socket 13
[28407] 11/12/2012 -- 19:28:50 - (source-af-packet.c:963) <Info> (ReceiveAFPLoop) -- Thread AFPacketeth37 using socket 13
[28408] 11/12/2012 -- 19:28:50 - (source-af-packet.c:1164) <Info> (AFPComputeRingParams) -- AF_PACKET RX Ring params: block_size=32768 block_nr=15001 frame_size=1584 frame_nr=300020
[28408] 11/12/2012 -- 19:28:50 - (source-af-packet.c:1352) <Info> (AFPCreateSocket) -- Using interface 'eth3' via socket 14
[28408] 11/12/2012 -- 19:28:50 - (source-af-packet.c:963) <Info> (ReceiveAFPLoop) -- Thread AFPacketeth38 using socket 14
[28409] 11/12/2012 -- 19:28:50 - (source-af-packet.c:1164) <Info> (AFPComputeRingParams) -- AF_PACKET RX Ring params: block_size=32768 block_nr=15001 frame_size=1584 frame_nr=300020
[28409] 11/12/2012 -- 19:28:50 - (source-af-packet.c:1352) <Info> (AFPCreateSocket) -- Using interface 'eth3' via socket 15
[28409] 11/12/2012 -- 19:28:50 - (source-af-packet.c:963) <Info> (ReceiveAFPLoop) -- Thread AFPacketeth39 using socket 15
[28410] 11/12/2012 -- 19:28:50 - (source-af-packet.c:1164) <Info> (AFPComputeRingParams) -- AF_PACKET RX Ring params: block_size=32768 block_nr=15001 frame_size=1584 frame_nr=300020
[28410] 11/12/2012 -- 19:28:50 - (source-af-packet.c:1352) <Info> (AFPCreateSocket) -- Using interface 'eth3' via socket 16
[28410] 11/12/2012 -- 19:28:50 - (source-af-packet.c:963) <Info> (ReceiveAFPLoop) -- Thread AFPacketeth310 using socket 16
[28411] 11/12/2012 -- 19:28:50 - (source-af-packet.c:1164) <Info> (AFPComputeRingParams) -- AF_PACKET RX Ring params: block_size=32768 block_nr=15001 frame_size=1584 frame_nr=300020
[28411] 11/12/2012 -- 19:28:51 - (source-af-packet.c:1352) <Info> (AFPCreateSocket) -- Using interface 'eth3' via socket 17
[28411] 11/12/2012 -- 19:28:51 - (source-af-packet.c:963) <Info> (ReceiveAFPLoop) -- Thread AFPacketeth311 using socket 17
[28412] 11/12/2012 -- 19:28:51 - (source-af-packet.c:1164) <Info> (AFPComputeRingParams) -- AF_PACKET RX Ring params: block_size=32768 block_nr=15001 frame_size=1584 frame_nr=300020
[28412] 11/12/2012 -- 19:28:51 - (source-af-packet.c:1352) <Info> (AFPCreateSocket) -- Using interface 'eth3' via socket 18
[28412] 11/12/2012 -- 19:28:51 - (source-af-packet.c:963) <Info> (ReceiveAFPLoop) -- Thread AFPacketeth312 using socket 18
[28413] 11/12/2012 -- 19:28:51 - (source-af-packet.c:1164) <Info> (AFPComputeRingParams) -- AF_PACKET RX Ring params: block_size=32768 block_nr=15001 frame_size=1584 frame_nr=300020
[28413] 11/12/2012 -- 19:28:51 - (source-af-packet.c:1352) <Info> (AFPCreateSocket) -- Using interface 'eth3' via socket 19
[28413] 11/12/2012 -- 19:28:51 - (source-af-packet.c:963) <Info> (ReceiveAFPLoop) -- Thread AFPacketeth313 using socket 19
[28414] 11/12/2012 -- 19:28:51 - (source-af-packet.c:1164) <Info> (AFPComputeRingParams) -- AF_PACKET RX Ring params: block_size=32768 block_nr=15001 frame_size=1584 frame_nr=300020
[28414] 11/12/2012 -- 19:28:51 - (source-af-packet.c:1352) <Info> (AFPCreateSocket) -- Using interface 'eth3' via socket 20
[28414] 11/12/2012 -- 19:28:51 - (source-af-packet.c:963) <Info> (ReceiveAFPLoop) -- Thread AFPacketeth314 using socket 20
[28415] 11/12/2012 -- 19:28:51 - (source-af-packet.c:1164) <Info> (AFPComputeRingParams) -- AF_PACKET RX Ring params: block_size=32768 block_nr=15001 frame_size=1584 frame_nr=300020
[28415] 11/12/2012 -- 19:28:51 - (source-af-packet.c:1352) <Info> (AFPCreateSocket) -- Using interface 'eth3' via socket 21
[28415] 11/12/2012 -- 19:28:51 - (source-af-packet.c:963) <Info> (ReceiveAFPLoop) -- Thread AFPacketeth315 using socket 21
[28416] 11/12/2012 -- 19:28:51 - (source-af-packet.c:1164) <Info> (AFPComputeRingParams) -- AF_PACKET RX Ring params: block_size=32768 block_nr=15001 frame_size=1584 frame_nr=300020
[28416] 11/12/2012 -- 19:28:52 - (source-af-packet.c:1352) <Info> (AFPCreateSocket) -- Using interface 'eth3' via socket 22
[28416] 11/12/2012 -- 19:28:52 - (source-af-packet.c:427) <Info> (AFPPeersListReachedInc) -- All AFP capture threads are running.
[28416] 11/12/2012 -- 19:28:52 - (source-af-packet.c:963) <Info> (ReceiveAFPLoop) -- Thread AFPacketeth316 using socket 22

^C[28146] 11/12/2012 -- 19:29:52 - (suricata.c:2013) <Info> (main) -- Signal Received.  Stopping engine.
[28417] 11/12/2012 -- 19:29:52 - (flow-manager.c:554) <Info> (FlowManagerThread) -- 0 new flows, 0 established flows were timed out, 0 flows in closed state

[28146] 11/12/2012 -- 19:31:27 - (tm-threads.c:1736) <Error> (TmThreadDisableThreadsWithTMS) -- [ERRCODE: SC_ERR_FATAL(171)] - Engine unable to disable detect thread - "AFPacketeth31".  Killing engine

Thanks

Actions #5

Updated by Victor Julien about 10 years ago

  • Status changed from Assigned to Closed
  • % Done changed from 0 to 100

Merged, thanks Anoop.
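
A triage sketch for the log lines in this report, added here as an example and not part of the original issue or of the Suricata code base: it pairs each "Signal Received" line with the later "unable to disable detect thread" error logged under the same bracketed id and reports the gap between them. It assumes the timestamps are day/month/year; the function names are illustrative.

```python
import re
from datetime import datetime

# Log lines copied from the report above. The "^C" prefix is the terminal's
# echo of Ctrl+C and the "*" marks are tracker markup left in the pasted text.
SAMPLE_LOG = """\
[21434] 2/12/2012 -- 17:54:53 - (suricata.c:2013) <Info> (main) -- Signal Received.  Stopping engine.
[21467] 2/12/2012 -- 17:54:53 - (flow-manager.c:554) <Info> (FlowManagerThread) -- 0 new flows, 0 established flows were timed out, 0 flows in closed state
[21434] 2/12/2012 -- 17:56:28 - (tm-threads.c:1736) <Error> (TmThreadDisableThreadsWithTMS) -- *[ERRCODE: SC_ERR_FATAL(171)] - Engine unable to disable detect thread* - "AFPacketeth31".  Killing engine
^C[28146] 11/12/2012 -- 19:29:52 - (suricata.c:2013) <Info> (main) -- Signal Received.  Stopping engine.
[28417] 11/12/2012 -- 19:29:52 - (flow-manager.c:554) <Info> (FlowManagerThread) -- 0 new flows, 0 established flows were timed out, 0 flows in closed state
[28146] 11/12/2012 -- 19:31:27 - (tm-threads.c:1736) <Error> (TmThreadDisableThreadsWithTMS) -- [ERRCODE: SC_ERR_FATAL(171)] - Engine unable to disable detect thread - "AFPacketeth31".  Killing engine
"""

# Assumption: day/month/year, as the 2/12 and 11/12 entries in the report suggest.
TS_FORMAT = "%d/%m/%Y -- %H:%M:%S"

LINE_RE = re.compile(
    r"^(?:\^C)?\[(?P<tid>\d+)\] "
    r"(?P<ts>\d{1,2}/\d{1,2}/\d{4} -- \d{2}:\d{2}:\d{2})"
    r" - \((?P<file>[^:()]+):(?P<lineno>\d+)\) <(?P<level>\w+)>"
    r" \((?P<func>\w+)\) -- (?P<msg>.*)$"
)
KILL_RE = re.compile(r'unable to disable detect thread\*? - "([^"]+)"')


def parse_line(line):
    """Split one engine log line into fields; return None if it does not match."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    rec = m.groupdict()
    rec["tid"] = int(rec["tid"])
    rec["ts"] = datetime.strptime(rec["ts"], TS_FORMAT)
    return rec


def find_forced_kills(lines):
    """Return one record per shutdown that ended in the fatal 'Killing engine' path."""
    pending = {}  # bracketed id of the main thread -> time the stop signal was logged
    kills = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue  # blank lines, shell prompts, wrapped text
        if rec["func"] == "main" and "Signal Received" in rec["msg"]:
            pending[rec["tid"]] = rec["ts"]
            continue
        m = KILL_RE.search(rec["msg"])
        if m and rec["level"] == "Error":
            # The signal line may be missing (rotated or truncated log).
            signal_ts = pending.pop(rec["tid"], None)
            delay = None
            if signal_ts is not None:
                delay = int((rec["ts"] - signal_ts).total_seconds())
            kills.append({
                "pid": rec["tid"],
                "thread": m.group(1),
                "signal_at": signal_ts,
                "killed_at": rec["ts"],
                "delay_s": delay,
            })
    return kills


if __name__ == "__main__":
    for k in find_forced_kills(SAMPLE_LOG.splitlines()):
        print(f"pid {k['pid']}: thread {k['thread']} not disabled, "
              f"engine killed {k['delay_s']} s after stop signal")
```
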
