peter.bates at ucl
Jul 23, 2012, 6:25 AM
Post #13 of 13
(929 views)
Permalink
|
|
Re: [Snort-users] Pfring crashes the kernel with white lists.
[In reply to]
|
|
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hello all
On 20/07/2012 17:48, Alfredo Cardigliano wrote:
> I'm trying to reproduce your issues but without success until now,
> any additional information about you configuration would be helpful
> (e.g. commands, traffic info, etc.).
I've tried some more testing, and it does just look like my system
behaves a bit odd but does actually keep running - so maybe I was
premature. It did definitely crash in the kernel last week though.
Using PF_RING fresh from svn today:
My routine:
modprobe ixgbe InterruptThrottleRate=4000
modprobe pf_ring transparent_mode=1 min_num_slots=4096 enable_tx_capture=0
ifconfig eth6 up
ifconfig eth6 promisc
set_irq_affinity.sh eth6
no rx vectors found on eth6
no tx vectors found on eth6
eth6 mask=1 for /proc/irq/61/smp_affinity
eth6 mask=2 for /proc/irq/62/smp_affinity
eth6 mask=4 for /proc/irq/63/smp_affinity
eth6 mask=8 for /proc/irq/64/smp_affinity
eth6 mask=10 for /proc/irq/65/smp_affinity
eth6 mask=20 for /proc/irq/66/smp_affinity
eth6 mask=40 for /proc/irq/67/smp_affinity
eth6 mask=80 for /proc/irq/68/smp_affinity
Run Snort x 8, clusterid=10 --daq-var bindcpu=(0 to 7)
Also running 2 other applications not compiled with PF_RING or that
fail to create anything in /proc/net/pf_ring as there's not other
RAM/slots.
pfcount:
=========================
Absolute Stats: [4376008 pkts rcvd][208825 pkts dropped]
Total Pkts=4584833/Dropped=4.6 %
4'376'008 pkts - 3'235'083'544 bytes [273'018.38 pkt/sec - 1'614.69
Mbit/sec]
=========================
Actual Stats: 260806 pkts [1'000.11 ms][260'777.31 pps/1.60 Gbps]
=========================
Free RAM
3594740 12:46 (before adding ixgbe, pf_ring)
2679276 13:00
2023816 13:10
1489004 13:21
1124252 13:30
570344 13:40
162148 13:50
123344 13:55
122140 14:00
120104 14:10
129132 14:15
121124 14:20
top - 14:00:51 up 1:25, 3 users, load average: 8.09, 6.87, 6.14
Tasks: 223 total, 10 running, 213 sleeping, 0 stopped, 0 zombie
Cpu0 : 11.3%us, 0.6%sy, 0.0%ni, 68.1%id, 0.7%wa, 0.0%hi, 19.2%si,
0.0%st
Cpu1 : 13.9%us, 0.7%sy, 0.0%ni, 59.3%id, 0.3%wa, 0.0%hi, 25.8%si,
0.0%st
Cpu2 : 9.8%us, 0.5%sy, 0.0%ni, 58.3%id, 0.6%wa, 0.0%hi, 30.8%si,
0.0%st
Cpu3 : 11.7%us, 0.7%sy, 0.0%ni, 67.9%id, 0.3%wa, 0.0%hi, 19.4%si,
0.0%st
Cpu4 : 12.4%us, 0.6%sy, 0.0%ni, 64.1%id, 0.7%wa, 0.0%hi, 22.2%si,
0.0%st
Cpu5 : 11.6%us, 0.7%sy, 0.0%ni, 67.0%id, 0.3%wa, 0.0%hi, 20.3%si,
0.0%st
Cpu6 : 10.9%us, 0.6%sy, 0.0%ni, 60.5%id, 0.4%wa, 0.0%hi, 27.6%si,
0.0%st
Cpu7 : 9.8%us, 0.6%sy, 0.0%ni, 49.8%id, 0.2%wa, 0.0%hi, 39.6%si,
0.0%st
Mem: 4117672k total, 3993416k used, 124256k free, 27144k buffers
Swap: 2031612k total, 0k used, 2031612k free, 1842316k cached
I have the output of /proc/slabinfo at various times but I'm not sure
what figures I should look at.
- --
Peter Bates
Senior Computer Security Officer Phone: +44(0)2076792049
Information Services Division Internal Ext: 32049
University College London
London WC1E 6BT
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.17 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iQEcBAEBAgAGBQJQDVDcAAoJELhVoVpEMS6RqRQH/ja0iKzQABg8rE9XyAIBhY2M
4U7E/FqLBpUCMAwwjb8AU/jP7hfwodiMyX39/oJqUtn9cRYIAFQI+BQ3IqdcHXMj
nbYzPBCy/DLUmnSLyVsM0T+dXuf8D+eeqA9hIgUUufC1Ks4MUgZ836Cl2XqRfdsQ
f9zjIh4SCB/u+jRXWH8321+UVmr8k6K+rS/kk/CLiJT6jYThIZSK7jMAdW+M8Wqe
5vIkLQppdaoJ4kwqqeLx4tjEmI+k0F/2+YtRjJpsNMXBJeowII6svrbyhh7olg5L
XAXA9J5r14wZKdtFBIBerFyb3jgPqnrA1kdDjBSxffVdJJFS3tF/8ybpMcaApQY=
=7NKY
-----END PGP SIGNATURE-----
_______________________________________________
Ntop-misc mailing list
Ntop-misc [at] listgateway
http://listgateway.unipi.it/mailman/listinfo/ntop-misc
|
