Bug #818

Updated by Victor Julien almost 11 years ago

Hi, 

I'd like to use suricata to copy all the traffic from eth1 to eth2 and filter the unwanted traffic.
My config part:
<pre>
af-packet:
  - interface: eth1
    # Number of receive threads (>1 will enable experimental flow pinned
    # runmode)
    threads: 1
    cluster-id: 99
    cluster-type: cluster_flow
    defrag: yes
    use-mmap: yes
    copy-mode: ips
    copy-iface: eth2
</pre>

When I run suricata (suricata -c /etc/suricata/suricata-debian.yaml --af-packet)
I receive this error:
<pre>
29/5/2013 -- 12:39:17 - <Info> - Adding interface eth1 from config file
29/5/2013 -- 12:39:17 - <Info> - Using 1 live device(s).
29/5/2013 -- 12:39:17 - <Info> - Enabling mmaped capture on iface eth1
29/5/2013 -- 12:39:17 - <Info> - AF_PACKET TAP mode activated eth1->eth2
29/5/2013 -- 12:39:17 - <Info> - Using flow cluster mode for AF_PACKET (iface eth1)
29/5/2013 -- 12:39:17 - <Info> - Using defrag kernel functionality for AF_PACKET (iface eth1)
29/5/2013 -- 12:39:17 - <Info> - Enabling zero copy mode by using data release call
29/5/2013 -- 12:39:17 - <Error> - [ERRCODE: SC_ERR_AFP_CREATE(190)] - Threads number not equals
29/5/2013 -- 12:39:17 - <Error> - [ERRCODE: SC_ERR_RUNMODE(187)] - Some IPS capture threads did not peer.
</pre>

A new entry appears in kern.log:
<pre>
Loading kernel module for a network device with CAP_SYS_MODULE (deprecated).    Use CAP_NET_ADMIN and alias netdev- instead.
</pre>

Versions:
suricata 1.4.1
kernel: 3.8
system: debian sid
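A small config check for the failure shown in the report, added here as an example and not part of Suricata or of the report. It assumes, based on the "Threads number not equals" and "did not peer" errors above, that an ips/tap copy-mode pair is only valid when both interfaces are declared as af-packet entries that point back at each other with equal thread counts; the reader for the af-packet list is a minimal stand-in for a YAML loader.

```python
import re
# Added example, not Suricata code. Assumption, based on the errors above: an
# ips/tap pair needs BOTH interfaces declared, each copy-iface pointing back,
# with equal 'threads' counts, or the capture threads cannot peer.
def parse_af_packet(text):
    """Tiny reader for the '- interface:' list (no PyYAML); values stay strings."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()                      # drop comments
        if not (m := re.match(r"\s*(-)?\s*([\w-]+):\s*(.*)$", line)):
            continue
        dash, key, value = m.groups()
        if dash:                                                  # '- interface: x' opens an entry
            entries.append({})
        if entries:                                               # skips the 'af-packet:' header
            entries[-1][key] = value
    return entries

def check_ips_peering(ifaces):
    """Return a list of problems; empty means every copy-mode pair can peer."""
    by_name = {i.get("interface"): i for i in ifaces}
    problems = []
    for cfg in ifaces:
        name, mode = cfg.get("interface"), cfg.get("copy-mode")
        if mode not in ("ips", "tap"):
            continue
        peer_name = cfg.get("copy-iface")
        if (peer := by_name.get(peer_name)) is None:
            problems.append(f"{name}: copy-iface {peer_name!r} is not declared as an af-packet interface")
            continue
        if peer.get("copy-mode") != mode or peer.get("copy-iface") != name:
            problems.append(f"{name}: {peer_name} must use copy-mode {mode} with copy-iface {name}")
        if peer.get("threads", "1") != cfg.get("threads", "1"):  # default of 1 thread assumed
            problems.append(f"{name}: threads differ from {peer_name}")
    return problems

# Constructed samples: the reporter's one-sided config, then a two-sided one.
REPORTED = """\
af-packet:
  - interface: eth1
    threads: 1
    copy-mode: ips
    copy-iface: eth2
"""
FIXED = REPORTED + """\
  - interface: eth2
    threads: 1
    copy-mode: ips
    copy-iface: eth1
"""
```

Running `check_ips_peering(parse_af_packet(REPORTED))` flags the missing eth2 entry, while the two-sided config returns no problems.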
