d82k
n00b
Joined: 01 Nov 2007
Posts: 27
|
 Posted: Fri Mar 07, 2008 8:29 am Post subject: Increase UDP receive buffer |
 |
|
Hi everybody!
I have some problems with netfilter and snort inline.
The traffic I need to monitor with snort is putted in queue with iptables rules, everything works perfectly.
I must make some test in order to calculate performances, so I have tried to attack my machine with a floodtool (which it sends udp packets) but almost immediately I receive this error "IpqLoop: : Failed to receive netlink message: No buffer space available".
The result is: floding with 1800pkt/s in 1 second only 1400 are analyzed ( 10 sec only 13600)!
[I need to make snort analyze all the packets that are received by the network interface and evaluate the maximum speed, i have both a fast link and a fast cpu]
Searching on the net I discovered that is probably a buffer problem...
I have tried to solve it using sysctl to edit rmem_default/max, wmem_default/max and ip_queue values, but I'm not sure i did the right thing: the problem still remains.
by the way increasing too much these values, performances .
| Code: |
cat /proc/net/ip_queue
Peer PID : 0
Copy mode : 0
Copy range : 0
Queue length : 0
[b]Queue max. length : 1024[/b]
Queue dropped : 0
[b]Netlink dropped : 195422[/b] |
I have also read that maybe has to be modified the SO_RCVBUF, but I dunno how to do it..
any ideas?
thankyou for your time and help!
dk |
|
Kernel & Hardware
