Hi all,
After applying Jeff’s patch (Suricata 6.0.2 fails to compile from source under FreeBSD 13). all works perfect under FreeBSD 13 with netmap, except when I try to stop suricata. Always returns the following error:
25/4/2021 – 15:37:17 - - [ERRCODE: SC_ERR_FATAL(171)] - Engine unable to disable detect thread - “W#01-vtnet4”. Killing engine
With Suricata 5.0.4 this works ok. maybe is this a bug?
Correction – @ish developed and prepared the patch, not me.
I think that not everything is working as it should under FreeBSD13+netmap
capture.kernel_packets | Total | 77104
decoder.pkts | Total | 77104
decoder.bytes | Total | 60123350
decoder.ipv4 | Total | 77104
decoder.ethernet | Total | 77104
decoder.tcp | Total | 3547
decoder.udp | Total | 73557
decoder.avg_pkt_size | Total | 779
decoder.max_pkt_size | Total | 1494
flow.tcp | Total | 76
flow.udp | Total | 39
flow.wrk.spare_sync_avg | Total | 100
flow.wrk.spare_sync | Total | 2
flow.wrk.flows_evicted_needs_work | Total | 1
flow.wrk.flows_evicted_pkt_inject | Total | 1
flow.wrk.flows_evicted | Total | 4
flow.wrk.flows_injected | Total | 1
tcp.sessions | Total | 38
tcp.syn | Total | 54
tcp.synack | Total | 35
tcp.rst | Total | 8
tcp.overlap | Total | 18
detect.alert | Total | 1
detect.mpm_list | Total | 1
detect.nonmpm_list | Total | 91
detect.fnonmpm_list | Total | 41
detect.match_list | Total | 42
app_layer.flow.tls | Total | 35
app_layer.flow.ntp | Total | 2
app_layer.tx.ntp | Total | 2
app_layer.flow.dns_udp | Total | 20
app_layer.tx.dns_udp | Total | 40
app_layer.flow.failed_udp | Total | 17
flow.mgr.full_hash_pass | Total | 28
flow.spare | Total | 9875
flow.mgr.rows_maxlen | Total | 1
flow.mgr.flows_checked | Total | 184
flow.mgr.flows_notimeout | Total | 74
flow.mgr.flows_timeout | Total | 110
flow.mgr.flows_evicted | Total | 110
flow.mgr.flows_evicted_needs_work | Total | 35
tcp.memuse | Total | 573440
tcp.reassembly_memuse | Total | 370688
flow.memuse | Total | 7074304
I have assigned only 1 thread to netmap capture interface … maybe is this the problem?