Bug #598
Updated by Victor Julien about 12 years ago
Creating ticket for the issue as promised on #suricata @ freenode.net. Upgrading from Suricata 1.3.1 to 1.3.2 gives the following errors when running Suricata: <pre> 11/10/2012 -- 12:11:25 - <Error> - [ERRCODE: SC_ERR_PF_RING_SET_CLUSTER_FAILED(37)] - pfring_set_cluster returned -7 for cluster-id: 99 11/10/2012 -- 12:11:25 - <Error> - [ERRCODE: SC_ERR_THREAD_INIT(49)] - thread "RxPFRdna11" closed on initialization. 11/10/2012 -- 12:11:25 - <Error> - [ERRCODE: SC_ERR_INITIALIZATION(45)] - Engine initialization failed, aborting... </pre> I'm running Suricata with the following parameters: suricata -c /etc/suricata/suricata.yaml --pfring-int dna1 --pfring-cluster-id 99 --pfring-cluster-type cluster_flow Omitting the cluster id and cluster type didn't help. Neither did changing the cluster id to another value (e.g. 0). PF_RING info: <pre> cat /proc/net/pf_ring/info PF_RING Version : 5.4.6 ($Revision: 5735$) Ring slots : 65536 Slot version : 14 Capture TX : No [RX only] IP Defragment : No Socket Mode : Standard Transparent mode : No (mode 2) Total rings : 0 Total plugins : 0 </pre> I have also tried using PF_RING 5.4.5 with the same result. When using Suricata 1.3.1 it works, but only when using one PF_RING thread, so the error most likely appears when the cluster id is set. When running Suricata with PF_RING but without DNA then everyting works, so this is probably a problem limited to PF_RING DNA. Reverting the changes made to src/source-pfring.c (back to version 1.3.1) made Suricata 1.3.2 runnable again. Please let me know if you need more information to debug the issue. Thanks! Kind regards, Mats Klepsland