Hi
I have setup bro 2.4.1 to monitor bridge interface(br0) with pf-ring
in the conn.log history field, there are lot of them missing ‘S’
I did not have this problem with bro2.3 with same setup.
in bro 2.4.1 if I change br0 to physical NIC eth4, this problem goes away
is there a way to work around this?
has anyone encounter this kind of problem?
my setup is
cpu: AMD Opteron 6376 32core
ram: 64G
ubuntu 12.04.5
bro 2.4.1
pf-ring version-5.6.1, mode 0, RX+TX
intel NIC 4port (igb dirver)
conn.log history count TOP 25 :
15265 Dd
8796 D
7267 hadfF
6558 hadf
2629 FRa
2294 Fr
1938 hadFf
1883 Fa
1298 S
1245 hadfFR
1134 hf
1067 d
1043 -
1001 F
984 R
858 hdf
700 hdaFf
667 FRr
643 hdfFa
608 ShADadFr
568 ShADfFa
517 r
474 hadR
416 hdafF
393 hFf
363 hdaf
360 hadFR
bro node.cfg
[manager]
type=manager
host=localhost
[proxy-1]
type=proxy
host=localhost
[proxy-2]
type=proxy
host=localhost
[br0]
type=worker
host=localhost
interface=br0
lb_method=pf_ring
lb_procs=8
pin_cpus=2,3,4,5,6,7,8,9
bro network.cfg
network NIC and bridge setup:
rmmod igb && modprobe igb
modprobe pf_ring transparent_mode=0 enable_tx_capture=1
ifconfig eth4 down
ethtool -K eth4 rx off
ethtool -K eth4 tx off
ethtool -K eth4 sg off
ethtool -K eth4 tso off
ethtool -K eth4 gso off
ethtool -K eth4 gro off
ifconfig eth4 mtu 1514
ifconfig eth5 down
ethtool -K eth5 rx off
ethtool -K eth5 tx off
ethtool -K eth5 sg off
ethtool -K eth5 tso off
ethtool -K eth5 gso off
ethtool -K eth5 gro off
ifconfig eth5 mtu 1514
brctl addbr br0
brctl addif br0 eth4
ifconfig eth4 promisc up -multicast
brctl addif br0 eth5
ifconfig eth5 promisc up -multicast
ethtool stp br0 on
ethtool -K br0 sg off
ethtool -K br0 tso off
ethtool -K br0 gso off
ethtool -K br0 gro off
ethtool -K br0 lro off
ethtool -K br0 rxvlan off
ethtool -K br0 txvlan off
ifconfig br0 mtu 1514
ifconfig br0 promisc up -multicast