Bug #7179

open

Capture Kernel Drops happen when data transferring inside the intranet

Added by Samiux A 5 months ago. Updated 5 months ago.

Status: New
Priority: Normal
Assignee:
Target version:
Affected Versions:
Effort:
Difficulty:
Label:

Description

Mode : IDS with af-packet
Suricata : 7.0.6 and below with hyperscan
OS : Debian 12.x

Capture Kernel Drops only happen when data is transferred between machines inside the intranet.

Actions #1

Updated by Victor Julien 5 months ago

There is no detail in this report. Why do you believe there is a bug?

Actions #2

Updated by Samiux A 5 months ago

It is because it only happens when large data (for example, 10Mb) is exchanged between machines in the intranet. It does not happen when large data is exchanged between a machine and a remote server (internet), for example, when downloading a large file.

Actions #3

Updated by Victor Julien 5 months ago

How much data? What protocols? How many flows? Please include such detail in your report.

Actions #4

Updated by Samiux A 5 months ago

How to get such data? Get from the stats.log?

Actions #5

Updated by Samiux A 5 months ago

I have a NextCloud machine in the network. When I paste a file (size 7.6MB) to the NextCloud directory via the Linux file manager, there is no kernel drop observed. However, when I paste a file (size 7.9MB) to the NextCloud directory via the Linux file manager, there are 3 to 4 kernel drops observed. If I paste a file larger than 10MB or above, a large number of kernel drops can be observed according to the file size.

When the file size is below 7.6MB, there is no kernel drop observed.

Meanwhile, I do not use the DAV or HTTP protocol (and not HTTPS) to paste the file to NextCloud; I think it is the TCP protocol.

The network is connected with 1000Mbps network interface cards.

Actions #6

Updated by Samiux A 5 months ago

Please close this thread as the problem is solved by changing the settings in suricata.yaml.
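
On the question in #4 of where the requested figures (data volume, flows, drops) come from: the following is an added example, not part of the thread and not Suricata project code. It assumes EVE stats events are being logged with cumulative counters, and it diffs consecutive snapshots so the drops can be tied to the interval of one file copy; the sample records are constructed.

```python
import json

# Constructed EVE records (not taken from the report): a stats snapshot before
# and after a file copy, with an unrelated event in between.
SAMPLE_EVE = """\
{"timestamp":"2024-01-01T10:00:00.000000+0000","event_type":"stats","stats":{"uptime":600,"capture":{"kernel_packets":120000,"kernel_drops":0},"decoder":{"bytes":90000000},"flow":{"tcp":400,"udp":250}}}
{"timestamp":"2024-01-01T10:00:02.000000+0000","event_type":"flow","proto":"TCP"}
{"timestamp":"2024-01-01T10:00:08.000000+0000","event_type":"stats","stats":{"uptime":608,"capture":{"kernel_packets":129000,"kernel_drops":450},"decoder":{"bytes":100500000},"flow":{"tcp":402,"udp":251}}}
"""

# Report name -> (section, key) inside the "stats" object of a stats event.
COUNTERS = {
    "kernel_packets": ("capture", "kernel_packets"),
    "kernel_drops": ("capture", "kernel_drops"),
    "bytes": ("decoder", "bytes"),
    "tcp_flows": ("flow", "tcp"),
    "udp_flows": ("flow", "udp"),
}

def stats_snapshots(lines):
    """Yield (timestamp, counters) for every stats event, skipping other events."""
    for line in lines:
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue  # blank line or a record still being written
        if event.get("event_type") != "stats":
            continue
        stats = event.get("stats", {})
        yield event["timestamp"], {
            name: stats.get(section, {}).get(key, 0)
            for name, (section, key) in COUNTERS.items()
        }

def interval_report(lines):
    """Diff consecutive snapshots: what was seen and dropped in each interval."""
    snaps = list(stats_snapshots(lines))
    rows = []
    for (t0, before), (t1, after) in zip(snaps, snaps[1:]):
        delta = {name: after[name] - before[name] for name in COUNTERS}
        if any(v < 0 for v in delta.values()):
            continue  # counters went backwards: Suricata was restarted
        pkts = delta["kernel_packets"]
        delta["drop_pct"] = round(100.0 * delta["kernel_drops"] / pkts, 2) if pkts else 0.0
        delta["from"], delta["to"] = t0, t1
        rows.append(delta)
    return rows

if __name__ == "__main__":
    for row in interval_report(SAMPLE_EVE.splitlines()):
        print(row)
```
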
