5.2.1 + snort, dropping packets
Sergey Lyubka
devnull at uptsoft.com
Mon May 24 03:02:00 PDT 2004
hackers,
I am running snort on 5.2.1-RELEASE, and I am getting high
dropped packets rate. traffic is quiet, about 1kpps, the box runs on xeon
processor, intel gigabit NICs (em driver), system load is low:
CPU states: 1.9% user, 5.1% nice, 1.6% system, 4.7% interrupt, 86.8% idle
Mem: 121M Active, 97M Inact, 75M Wired, 736K Cache, 60M Buf, 201M Free
Swap: 512M Total, 512M Free
I have tried:
o both SMP and UP kernels
o both SCHED_ULE and SCHED_4BSD options
o libpcap libs versions 0.7 and 0.8.3
o 5.2.1-RELEASE and -current kernels
o DEVICE_POLLING option
o sysctl debug.bpf_bufsize set to maximum of 524288
and still having dropped packets.
I am having a much lower spec box, running obsd 3.2, same snort configuration,
capturing the same traffic. obsd shows constant 0 dropped packets.
How would I fix that problem?
More information about the freebsd-hackers
mailing list