Project

General

Profile

Bug #1856

Updated by Victor Julien over 7 years ago

Hi, 

 After upgrading from 3.0.1 to 3.1.1 (EL-7) we are getting the following errors when running Suricata in PCAP mode. When we specify the listening interface via the command line (as shown below) the engine starts just fine (Command and logs output provided below). 

 <pre> 
 # suricata --pcap=eth0 -c /etc/suricata/suricata.yaml 

 (/var/log/suricata/suricata.log) 

 29/7/2016 -- 12:58:32 - <Warning> - [ERRCODE: SC_ERR_NIC_OFFLOADING(284)] - NIC offloading on eth0: RX SET TX SET. Run: ethtool -K eth0 rx off tx off 
 29/7/2016 -- 12:58:32 - <Warning> - [ERRCODE: SC_ERR_NIC_OFFLOADING(284)] - NIC offloading on eth0: SG: SET,    GRO: SET, LRO: unset, TSO: SET, GSO: SET. Run: ethtool -K eth0 sg off gro off lro off tso off gso off 
 29/7/2016 -- 12:58:32 - <Notice> - all 4 packet processing threads, 2 management threads initialized, engine started.  
 </pre> 

  

 When not specifying the interface in the command and letting Suricata pick it up from the config file the following happens: 

 <pre> 
 # suricata --pcap -c /etc/suricata/suricata.yaml 

 (/var/log/suricata/suricata.log) 
 29/7/2016 -- 12:59:32 - <Error> - [ERRCODE: SC_ERR_PCAP_ACTIVATE_HANDLE(27)] - Couldn't activate the pcap handler, error SIOCGIFHWADDR: No such device 
 29/7/2016 -- 12:59:32 - <Warning> - [ERRCODE: SC_ERR_NIC_OFFLOADING(284)] - NIC offloading on eth0: RX SET TX SET. Run: ethtool -K eth0 rx off tx off 
 29/7/2016 -- 12:59:32 - <Warning> - [ERRCODE: SC_ERR_NIC_OFFLOADING(284)] - NIC offloading on eth0: SG: SET,    GRO: SET, LRO: unset, TSO: SET, GSO: SET. Run: ethtool -K eth0 sg off gro off lro off tso off gso off 
 29/7/2016 -- 12:59:32 - <Error> - [ERRCODE: SC_ERR_THREAD_INIT(49)] - thread "RX#01-" closed on initialization. 
 29/7/2016 -- 12:59:32 - <Error> - [ERRCODE: SC_ERR_INITIALIZATION(45)] - Engine initialization failed, aborting... 
 </pre>  

 This is what we have in our config file. 

 <pre> 
 pcap: 
   - interface: eth0 
 </pre> 

 In the previous version it just worked even when we run Suricata as a service. 

 We tested on both CentOS 7 and Ubuntu server 16.04 with same results. 

 Thanks in advance.

Back