Hi guys,
I ran into a problem during testing and need your help. Thanks.
Information:
Suricata version: 6.0.3
This is the info for my NIC p2p2; it carries roughly 1.6G/s of traffic.
[root@f/]# cat /proc/net/pf_ring/dev/p2p2/info
Name: p2p2
Index: 5
Address: B4:96:91:E1:00:1E
Polling Mode: NAPI
Promisc: Enabled
Type: Ethernet
Family: Standard NIC
# Bound Sockets: 8
TX Queues: 8
RX Queues: 8
[root@f /]# ethtool -S p2p2
NIC statistics:
rx_packets: 5402267713
tx_packets: 0
rx_bytes: 6396989153795
tx_bytes: 0
rx_pkts_nic: 5402267709
tx_pkts_nic: 0
rx_bytes_nic: 6433656125052
tx_bytes_nic: 0
lsc_int: 2
tx_busy: 0
non_eop_descs: 0
rx_errors: 117
tx_errors: 0
rx_dropped: 151046
tx_dropped: 0
multicast: 3540655
broadcast: 1237205
rx_no_buffer_count: 0
collisions: 0
rx_over_errors: 0
rx_crc_errors: 117
rx_frame_errors: 0
hw_rsc_aggregated: 0
hw_rsc_flushed: 0
fdir_match: 0
fdir_miss: 5401065638
fdir_overflow: 0
rx_fifo_errors: 0
rx_missed_errors: 0
tx_aborted_errors: 0
tx_carrier_errors: 0
tx_fifo_errors: 0
tx_heartbeat_errors: 0
tx_timeout_count: 0
tx_restart_queue: 0
rx_length_errors: 0
rx_long_length_errors: 0
rx_short_length_errors: 0
tx_flow_control_xon: 0
rx_flow_control_xon: 0
tx_flow_control_xoff: 0
rx_flow_control_xoff: 0
rx_csum_offload_errors: 95373
alloc_rx_page: 4178
alloc_rx_page_failed: 0
alloc_rx_buff_failed: 0
rx_no_dma_resources: 0
os2bmc_rx_by_bmc: 0
os2bmc_tx_by_bmc: 0
os2bmc_tx_by_host: 0
os2bmc_rx_by_host: 0
tx_hwtstamp_timeouts: 0
tx_hwtstamp_skipped: 0
rx_hwtstamp_cleared: 0
tx_ipsec: 0
rx_ipsec: 0
fcoe_bad_fccrc: 0
rx_fcoe_dropped: 0
rx_fcoe_packets: 0
rx_fcoe_dwords: 0
fcoe_noddp: 0
fcoe_noddp_ext_buff: 0
tx_fcoe_packets: 0
tx_fcoe_dwords: 0
tx_queue_0_packets: 0
tx_queue_0_bytes: 0
tx_queue_1_packets: 0
tx_queue_1_bytes: 0
tx_queue_2_packets: 0
tx_queue_2_bytes: 0
tx_queue_3_packets: 0
tx_queue_3_bytes: 0
tx_queue_4_packets: 0
tx_queue_4_bytes: 0
tx_queue_5_packets: 0
tx_queue_5_bytes: 0
tx_queue_6_packets: 0
tx_queue_6_bytes: 0
tx_queue_7_packets: 0
tx_queue_7_bytes: 0
tx_queue_8_packets: 0
tx_queue_8_bytes: 0
tx_queue_9_packets: 0
tx_queue_9_bytes: 0
tx_queue_10_packets: 0
tx_queue_10_bytes: 0
tx_queue_11_packets: 0
tx_queue_11_bytes: 0
tx_queue_12_packets: 0
tx_queue_12_bytes: 0
tx_queue_13_packets: 0
tx_queue_13_bytes: 0
tx_queue_14_packets: 0
tx_queue_14_bytes: 0
tx_queue_15_packets: 0
tx_queue_15_bytes: 0
tx_queue_16_packets: 0
tx_queue_16_bytes: 0
tx_queue_17_packets: 0
tx_queue_17_bytes: 0
tx_queue_18_packets: 0
tx_queue_18_bytes: 0
tx_queue_19_packets: 0
tx_queue_19_bytes: 0
tx_queue_20_packets: 0
tx_queue_20_bytes: 0
tx_queue_21_packets: 0
tx_queue_21_bytes: 0
tx_queue_22_packets: 0
tx_queue_22_bytes: 0
tx_queue_23_packets: 0
tx_queue_23_bytes: 0
tx_queue_24_packets: 0
tx_queue_24_bytes: 0
tx_queue_25_packets: 0
tx_queue_25_bytes: 0
tx_queue_26_packets: 0
tx_queue_26_bytes: 0
tx_queue_27_packets: 0
tx_queue_27_bytes: 0
tx_queue_28_packets: 0
tx_queue_28_bytes: 0
tx_queue_29_packets: 0
tx_queue_29_bytes: 0
tx_queue_30_packets: 0
tx_queue_30_bytes: 0
tx_queue_31_packets: 0
tx_queue_31_bytes: 0
tx_queue_32_packets: 0
tx_queue_32_bytes: 0
tx_queue_33_packets: 0
tx_queue_33_bytes: 0
tx_queue_34_packets: 0
tx_queue_34_bytes: 0
tx_queue_35_packets: 0
tx_queue_35_bytes: 0
tx_queue_36_packets: 0
tx_queue_36_bytes: 0
tx_queue_37_packets: 0
tx_queue_37_bytes: 0
tx_queue_38_packets: 0
tx_queue_38_bytes: 0
tx_queue_39_packets: 0
tx_queue_39_bytes: 0
tx_queue_40_packets: 0
tx_queue_40_bytes: 0
tx_queue_41_packets: 0
tx_queue_41_bytes: 0
tx_queue_42_packets: 0
tx_queue_42_bytes: 0
tx_queue_43_packets: 0
tx_queue_43_bytes: 0
tx_queue_44_packets: 0
tx_queue_44_bytes: 0
tx_queue_45_packets: 0
tx_queue_45_bytes: 0
tx_queue_46_packets: 0
tx_queue_46_bytes: 0
tx_queue_47_packets: 0
tx_queue_47_bytes: 0
tx_queue_48_packets: 0
tx_queue_48_bytes: 0
tx_queue_49_packets: 0
tx_queue_49_bytes: 0
tx_queue_50_packets: 0
tx_queue_50_bytes: 0
tx_queue_51_packets: 0
tx_queue_51_bytes: 0
tx_queue_52_packets: 0
tx_queue_52_bytes: 0
tx_queue_53_packets: 0
tx_queue_53_bytes: 0
tx_queue_54_packets: 0
tx_queue_54_bytes: 0
tx_queue_55_packets: 0
tx_queue_55_bytes: 0
tx_queue_56_packets: 0
tx_queue_56_bytes: 0
tx_queue_57_packets: 0
tx_queue_57_bytes: 0
tx_queue_58_packets: 0
tx_queue_58_bytes: 0
tx_queue_59_packets: 0
tx_queue_59_bytes: 0
tx_queue_60_packets: 0
tx_queue_60_bytes: 0
tx_queue_61_packets: 0
tx_queue_61_bytes: 0
tx_queue_62_packets: 0
tx_queue_62_bytes: 0
tx_queue_63_packets: 0
tx_queue_63_bytes: 0
rx_queue_0_packets: 232635096
rx_queue_0_bytes: 219525424702
rx_queue_1_packets: 338519597
rx_queue_1_bytes: 381768123762
rx_queue_2_packets: 446670330
rx_queue_2_bytes: 539236745433
rx_queue_3_packets: 2155718052
rx_queue_3_bytes: 3097130823445
rx_queue_4_packets: 425237107
rx_queue_4_bytes: 486151238179
rx_queue_5_packets: 834267022
rx_queue_5_bytes: 521368161142
rx_queue_6_packets: 489487563
rx_queue_6_bytes: 585296479661
rx_queue_7_packets: 479732946
rx_queue_7_bytes: 566512157471
rx_queue_8_packets: 0
rx_queue_8_bytes: 0
rx_queue_9_packets: 0
rx_queue_9_bytes: 0
rx_queue_10_packets: 0
rx_queue_10_bytes: 0
rx_queue_11_packets: 0
rx_queue_11_bytes: 0
rx_queue_12_packets: 0
rx_queue_12_bytes: 0
rx_queue_13_packets: 0
rx_queue_13_bytes: 0
rx_queue_14_packets: 0
rx_queue_14_bytes: 0
rx_queue_15_packets: 0
rx_queue_15_bytes: 0
rx_queue_16_packets: 0
rx_queue_16_bytes: 0
rx_queue_17_packets: 0
rx_queue_17_bytes: 0
rx_queue_18_packets: 0
rx_queue_18_bytes: 0
rx_queue_19_packets: 0
rx_queue_19_bytes: 0
rx_queue_20_packets: 0
rx_queue_20_bytes: 0
rx_queue_21_packets: 0
rx_queue_21_bytes: 0
rx_queue_22_packets: 0
rx_queue_22_bytes: 0
rx_queue_23_packets: 0
rx_queue_23_bytes: 0
rx_queue_24_packets: 0
rx_queue_24_bytes: 0
rx_queue_25_packets: 0
rx_queue_25_bytes: 0
rx_queue_26_packets: 0
rx_queue_26_bytes: 0
rx_queue_27_packets: 0
rx_queue_27_bytes: 0
rx_queue_28_packets: 0
rx_queue_28_bytes: 0
rx_queue_29_packets: 0
rx_queue_29_bytes: 0
rx_queue_30_packets: 0
rx_queue_30_bytes: 0
rx_queue_31_packets: 0
rx_queue_31_bytes: 0
rx_queue_32_packets: 0
rx_queue_32_bytes: 0
rx_queue_33_packets: 0
rx_queue_33_bytes: 0
rx_queue_34_packets: 0
rx_queue_34_bytes: 0
rx_queue_35_packets: 0
rx_queue_35_bytes: 0
rx_queue_36_packets: 0
rx_queue_36_bytes: 0
rx_queue_37_packets: 0
rx_queue_37_bytes: 0
rx_queue_38_packets: 0
rx_queue_38_bytes: 0
rx_queue_39_packets: 0
rx_queue_39_bytes: 0
rx_queue_40_packets: 0
rx_queue_40_bytes: 0
rx_queue_41_packets: 0
rx_queue_41_bytes: 0
rx_queue_42_packets: 0
rx_queue_42_bytes: 0
rx_queue_43_packets: 0
rx_queue_43_bytes: 0
rx_queue_44_packets: 0
rx_queue_44_bytes: 0
rx_queue_45_packets: 0
rx_queue_45_bytes: 0
rx_queue_46_packets: 0
rx_queue_46_bytes: 0
rx_queue_47_packets: 0
rx_queue_47_bytes: 0
rx_queue_48_packets: 0
rx_queue_48_bytes: 0
rx_queue_49_packets: 0
rx_queue_49_bytes: 0
rx_queue_50_packets: 0
rx_queue_50_bytes: 0
rx_queue_51_packets: 0
rx_queue_51_bytes: 0
rx_queue_52_packets: 0
rx_queue_52_bytes: 0
rx_queue_53_packets: 0
rx_queue_53_bytes: 0
rx_queue_54_packets: 0
rx_queue_54_bytes: 0
rx_queue_55_packets: 0
rx_queue_55_bytes: 0
rx_queue_56_packets: 0
rx_queue_56_bytes: 0
rx_queue_57_packets: 0
rx_queue_57_bytes: 0
rx_queue_58_packets: 0
rx_queue_58_bytes: 0
rx_queue_59_packets: 0
rx_queue_59_bytes: 0
rx_queue_60_packets: 0
rx_queue_60_bytes: 0
rx_queue_61_packets: 0
rx_queue_61_bytes: 0
rx_queue_62_packets: 0
rx_queue_62_bytes: 0
rx_queue_63_packets: 0
rx_queue_63_bytes: 0
tx_pb_0_pxon: 0
tx_pb_0_pxoff: 0
tx_pb_1_pxon: 0
tx_pb_1_pxoff: 0
tx_pb_2_pxon: 0
tx_pb_2_pxoff: 0
tx_pb_3_pxon: 0
tx_pb_3_pxoff: 0
tx_pb_4_pxon: 0
tx_pb_4_pxoff: 0
tx_pb_5_pxon: 0
tx_pb_5_pxoff: 0
tx_pb_6_pxon: 0
tx_pb_6_pxoff: 0
tx_pb_7_pxon: 0
tx_pb_7_pxoff: 0
rx_pb_0_pxon: 0
rx_pb_0_pxoff: 0
rx_pb_1_pxon: 0
rx_pb_1_pxoff: 0
rx_pb_2_pxon: 0
rx_pb_2_pxoff: 0
rx_pb_3_pxon: 0
rx_pb_3_pxoff: 0
rx_pb_4_pxon: 0
rx_pb_4_pxoff: 0
rx_pb_5_pxon: 0
rx_pb_5_pxoff: 0
rx_pb_6_pxon: 0
rx_pb_6_pxoff: 0
rx_pb_7_pxon: 0
rx_pb_7_pxoff: 0
The command used to run Suricata: suricata --pfring -c /etc/suricata/suricata.yaml --runmode=workers -D
[root@f /]# suricata --build-info
This is Suricata version 6.0.3 RELEASE
Features: PCAP_SET_BUFF PF_RING AF_PACKET HAVE_PACKET_FANOUT LIBCAP_NG LIBNET1.1 HAVE_HTP_URI_NORMALIZE_HOOK PCRE_JIT HAVE_NSS HAVE_LUA HAVE_LUAJIT HAVE_LIBJANSSON PROFILING TLS TLS_GNU MAGIC RUST
SIMD support: SSE_4_2 SSE_4_1 SSE_3
Atomic intrinsics: 1 2 4 8 16 byte(s)
64-bits, Little-endian architecture
GCC version 4.8.5 20150623 (Red Hat 4.8.5-44), C version 199901
compiled with _FORTIFY_SOURCE=0
L1 cache line size (CLS)=64
thread local storage method: __thread
compiled with LibHTP v0.5.38, linked against LibHTP v0.5.38
Suricata Configuration:
AF_PACKET support: yes
eBPF support: no
XDP support: no
PF_RING support: yes
NFQueue support: no
NFLOG support: no
IPFW support: no
Netmap support: no
DAG enabled: no
Napatech enabled: no
WinDivert enabled: no
Unix socket enabled: yes
Detection enabled: yes
Libmagic support: yes
libnss support: yes
libnspr support: yes
libjansson support: yes
hiredis support: no
hiredis async with libevent: no
Prelude support: no
PCRE jit: yes
LUA support: yes, through luajit
libluajit: yes
GeoIP2 support: yes
Non-bundled htp: no
Hyperscan support: yes
Libnet support: yes
liblz4 support: no
HTTP2 decompression: no
Rust support: yes
Rust strict mode: no
Rust compiler path: /usr/bin/rustc
Rust compiler version: rustc 1.57.0 (Red Hat 1.57.0-1.el7)
Cargo path: /usr/bin/cargo
Cargo version: cargo 1.57.0
Cargo vendor: yes
Python support: yes
Python path: /usr/bin/python3
Python distutils yes
Python yaml no
Install suricatactl: yes
Install suricatasc: yes
Install suricata-update: no, requires pyyaml
Profiling enabled: yes
Profiling locks enabled: no
Plugin support (experimental): yes
Development settings:
Coccinelle / spatch: no
Unit tests enabled: no
Debug output enabled: no
Debug validation enabled: no
Generic build parameters:
Installation prefix: /usr
Configuration directory: /etc/suricata/
Log directory: /var/log/suricata/
--prefix /usr
--sysconfdir /etc
--localstatedir /var
--datarootdir /usr/share
Host: x86_64-pc-linux-gnu
Compiler: gcc (exec name) / g++ (real)
GCC Protect enabled: no
GCC march native enabled: yes
GCC Profile enabled: no
Position Independent Executable enabled: no
CFLAGS -g -O2 -std=gnu99 -march=native -I${srcdir}/../rust/gen -I${srcdir}/../rust/dist
PCAP_CFLAGS -I/usr/local/include
SECCFLAGS
The stats.log (see capture.kernel_drops: 20036724 of 146984825 capture.kernel_packets at 15m 21s uptime):
[root@f/]# tail -F /var/log/suricata/stats.log
flow_bypassed.bytes | Total | 0
tcp.memuse | Total | 95309480
tcp.reassembly_memuse | Total | 64617296
http.memuse | Total | 8024877
http.memcap | Total | 0
ftp.memuse | Total | 0
ftp.memcap | Total | 0
app_layer.expectations | Total | 0
file_store.open_files | Total | 0
flow.memuse | Total | 122617664
------------------------------------------------------------------------------------
Date: 4/19/2023 -- 07:41:41 (uptime: 0d, 00h 15m 21s)
------------------------------------------------------------------------------------
Counter | TM Name | Value
------------------------------------------------------------------------------------
capture.kernel_packets | Total | 146984825
capture.kernel_drops | Total | 20036724
capture.bypassed | Total | 0
decoder.pkts | Total | 147051183
decoder.bytes | Total | 171222669981
decoder.invalid | Total | 4725
decoder.ipv4 | Total | 146957172
decoder.ipv6 | Total | 24468
decoder.ethernet | Total | 147051183
decoder.chdlc | Total | 0
decoder.raw | Total | 0
decoder.null | Total | 0
decoder.sll | Total | 0
decoder.tcp | Total | 145642723
decoder.udp | Total | 1264529
decoder.sctp | Total | 0
decoder.icmpv4 | Total | 59009
decoder.icmpv6 | Total | 1814
decoder.ppp | Total | 0
decoder.pppoe | Total | 0
decoder.geneve | Total | 0
decoder.gre | Total | 0
decoder.vlan | Total | 98484229
decoder.vlan_qinq | Total | 0
decoder.vxlan | Total | 0
decoder.vntag | Total | 0
decoder.ieee8021ah | Total | 0
decoder.teredo | Total | 0
decoder.ipv4_in_ipv6 | Total | 0
decoder.ipv6_in_ipv6 | Total | 0
decoder.mpls | Total | 0
decoder.avg_pkt_size | Total | 1164
decoder.max_pkt_size | Total | 1518
decoder.max_mac_addrs_src | Total | 0
decoder.max_mac_addrs_dst | Total | 0
decoder.erspan | Total | 0
flow.memcap | Total | 0
flow.tcp | Total | 1719458
flow.udp | Total | 64724
flow.icmpv4 | Total | 365
flow.icmpv6 | Total | 102
flow.tcp_reuse | Total | 96
flow.get_used | Total | 0
flow.get_used_eval | Total | 0
flow.get_used_eval_reject | Total | 0
flow.get_used_eval_busy | Total | 0
flow.get_used_failed | Total | 0
flow.wrk.spare_sync_avg | Total | 100
flow.wrk.spare_sync | Total | 13354
flow.wrk.spare_sync_incomplete | Total | 0
flow.wrk.spare_sync_empty | Total | 0
defrag.ipv4.fragments | Total | 1145
defrag.ipv4.reassembled | Total | 561
defrag.ipv4.timeouts | Total | 0
defrag.ipv6.fragments | Total | 0
defrag.ipv6.reassembled | Total | 0
defrag.ipv6.timeouts | Total | 0
defrag.max_frag_hits | Total | 0
decoder.event.ipv4.pkt_too_small | Total | 0
decoder.event.ipv4.hlen_too_small | Total | 0
decoder.event.ipv4.iplen_smaller_than_hlen | Total | 0
decoder.event.ipv4.trunc_pkt | Total | 0
decoder.event.ipv4.opt_invalid | Total | 0
decoder.event.ipv4.opt_invalid_len | Total | 0
decoder.event.ipv4.opt_malformed | Total | 0
decoder.event.ipv4.opt_pad_required | Total | 1689
decoder.event.ipv6.zero_len_padn | Total | 1354
flow.wrk.flows_evicted_needs_work | Total | 18806
flow.wrk.flows_evicted_pkt_inject | Total | 20814
flow.wrk.flows_evicted | Total | 433648
flow.wrk.flows_injected | Total | 16115
tcp.sessions | Total | 1684379
tcp.ssn_memcap_drop | Total | 0
tcp.pseudo | Total | 0
tcp.pseudo_failed | Total | 0
tcp.invalid_checksum | Total | 0
tcp.no_flow | Total | 0
tcp.syn | Total | 1702853
tcp.synack | Total | 40331
tcp.rst | Total | 1794820
tcp.midstream_pickups | Total | 0
tcp.pkt_on_wrong_thread | Total | 0
tcp.segment_memcap_drop | Total | 0
tcp.stream_depth_reached | Total | 3
tcp.reassembly_gap | Total | 1493
tcp.overlap | Total | 10332
tcp.overlap_diff_data | Total | 0
tcp.insert_data_normal_fail | Total | 0
tcp.insert_data_overlap_fail | Total | 0
tcp.insert_list_fail | Total | 0
detect.alert | Total | 0
detect.mpm_list | Total | 0
detect.nonmpm_list | Total | 18
detect.fnonmpm_list | Total | 3
detect.match_list | Total | 4
app_layer.flow.http | Total | 3218
app_layer.tx.http | Total | 4530
app_layer.flow.ftp | Total | 0
app_layer.tx.ftp | Total | 0
app_layer.flow.smtp | Total | 0
app_layer.tx.smtp | Total | 0
app_layer.flow.tls | Total | 16294
app_layer.tx.tls | Total | 0
app_layer.flow.ssh | Total | 8
app_layer.tx.ssh | Total | 0
app_layer.flow.imap | Total | 0
app_layer.tx.imap | Total | 0
app_layer.flow.smb | Total | 16
app_layer.tx.smb | Total | 138
app_layer.flow.dcerpc_tcp | Total | 12
app_layer.tx.dcerpc_tcp | Total | 39
app_layer.flow.dns_tcp | Total | 126
app_layer.tx.dns_tcp | Total | 285
app_layer.flow.nfs_tcp | Total | 2
app_layer.tx.nfs_tcp | Total | 20
app_layer.flow.ntp | Total | 718
app_layer.tx.ntp | Total | 1240
app_layer.flow.ftp-data | Total | 0
app_layer.tx.ftp-data | Total | 0
app_layer.flow.tftp | Total | 0
app_layer.tx.tftp | Total | 0
app_layer.flow.ikev2 | Total | 0
app_layer.tx.ikev2 | Total | 0
app_layer.flow.krb5_tcp | Total | 7
app_layer.tx.krb5_tcp | Total | 7
app_layer.flow.dhcp | Total | 87
app_layer.tx.dhcp | Total | 1350
app_layer.flow.snmp | Total | 4700
app_layer.tx.snmp | Total | 97165
app_layer.flow.sip | Total | 7
app_layer.tx.sip | Total | 85
app_layer.flow.rfb | Total | 0
app_layer.tx.rfb | Total | 0
app_layer.flow.mqtt | Total | 0
app_layer.tx.mqtt | Total | 0
app_layer.flow.rdp | Total | 0
app_layer.tx.rdp | Total | 0
app_layer.flow.failed_tcp | Total | 8931
app_layer.flow.dcerpc_udp | Total | 0
app_layer.tx.dcerpc_udp | Total | 0
app_layer.flow.dns_udp | Total | 48259
app_layer.tx.dns_udp | Total | 75655
app_layer.flow.nfs_udp | Total | 0
app_layer.tx.nfs_udp | Total | 0
app_layer.flow.krb5_udp | Total | 0
app_layer.tx.krb5_udp | Total | 0
app_layer.flow.failed_udp | Total | 10953
flow.mgr.full_hash_pass | Total | 4
flow.mgr.closed_pruned | Total | 0
flow.mgr.new_pruned | Total | 0
flow.mgr.est_pruned | Total | 0
flow.mgr.bypassed_pruned | Total | 0
flow.spare | Total | 10084
flow.emerg_mode_entered | Total | 0
flow.emerg_mode_over | Total | 0
flow.mgr.rows_maxlen | Total | 10
flow.mgr.flows_checked | Total | 71795
flow.mgr.flows_notimeout | Total | 49494
flow.mgr.flows_timeout | Total | 22301
flow.mgr.flows_timeout_inuse | Total | 0
flow.mgr.flows_evicted | Total | 992474
flow.mgr.flows_evicted_needs_work | Total | 16115
flow_bypassed.closed | Total | 0
flow_bypassed.pkts | Total | 0
flow_bypassed.bytes | Total | 0
tcp.memuse | Total | 95310200
tcp.reassembly_memuse | Total | 64695692
http.memuse | Total | 7936185
http.memcap | Total | 0
ftp.memuse | Total | 0
ftp.memcap | Total | 0
app_layer.expectations | Total | 0
file_store.open_files | Total | 0
flow.memuse | Total | 122617664
suricata_tmp.yml (74.1 KB)
Looking forward to your reply, thanks!