vishal_nitr wrote:
> Hi All,
>
> Whenever I use a "reject" rule I am getting an error "packet recv contents
> failure: No buffer space available" and snort-inline is hanging
> with this message, and also there are a lot of logs dumped in my log
> directory.
> To overcome this problem, somewhere on "Inliniac.com" I saw a post that we
> should change default buffer size to 8388608 and tcp buffer size to 1048576
> 4194304 16777216. I tried changing to these values but it's not
> working.
> When I debugged this problem I narrowed it down to a function
> HandlePacket() which is causing some loop inside and leading to a lot of
> logs and hanging the snort.
> Is there any solution to this?
> I am using snort_inline-2.6.1.5 with NFQUEUE.

Try

    cat /proc/net/netlink

and see where the memory is piling up.

Logs? Which logs? How are you logging? You may have other problems, such as
insufficient processor, rules that are taking too long, etc.

You might want to set the mem sizes up:

    /sbin/sysctl -w net.ipv4.tcp_mem='8388608 8388608 8388608'
    /sbin/sysctl -w net.ipv4.tcp_wmem='8388608 8388608 8388608'
    /sbin/sysctl -w net.ipv4.tcp_rmem='8388608 8388608 8388608'
    /sbin/sysctl -w net.core.rmem_default=8388608
    /sbin/sysctl -w net.core.wmem_default=8388608
    /sbin/sysctl -w net.core.rmem_max=33554432
    /sbin/sysctl -w net.core.wmem_max=16777216

Dave
--
"Of course, someone who knows more about this will correct me if I'm
wrong, and someone who knows less will correct me if I'm right."
David Palmer (pa...@ty...)
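
One way to act on the "see where the memory is piling up" advice above, as an added example that is not part of the original message: rank the sockets in /proc/net/netlink by receive-queue backlog (Rmem). The helper names and the sample table are constructed for illustration; columns are located by header name because older kernels do not print a Drops column.

```shell
#!/bin/sh
# Added example: rank netlink sockets by receive-queue backlog (Rmem).

# Constructed sample in /proc/net/netlink layout (values are made up).
sample_netlink() {
    cat <<'EOF'
sk       Eth Pid    Groups   Rmem     Wmem     Dump     Locks     Drops     Inode
ffff880000000001 0   0      00000000 0        0        0        2         0         11
ffff880000000002 12  4242   00000000 8388352  0        0        2         1733      9001
ffff880000000003 15  311    00000001 4096     0        0        2         0         412
EOF
}

# netlink_backlog MIN_RMEM [FILE]  (hypothetical helper; reads stdin if no FILE)
# Prints "rmem proto=<Eth> pid=<Pid> drops=<Drops>" for every socket whose
# Rmem is at least MIN_RMEM bytes, largest backlog first.
netlink_backlog() {
    awk -v limit="$1" '
        NR == 1 {
            # Locate columns by name: older kernels have no Drops column.
            for (i = 1; i <= NF; i++) col[$i] = i
            if (!("Rmem" in col)) exit 2
            next
        }
        $(col["Rmem"]) + 0 >= limit + 0 {
            drops = ("Drops" in col) ? $(col["Drops"]) : "n/a"
            printf "%d proto=%s pid=%s drops=%s\n",
                   $(col["Rmem"]), $(col["Eth"]), $(col["Pid"]), drops
        }
    ' "${2:--}" | sort -nr
}

# Eth 12 is NETLINK_NETFILTER, the family NFQUEUE delivers packets on.
sample_netlink | netlink_backlog 1048576
# On a live box: netlink_backlog 1048576 /proc/net/netlink
```

A socket whose Rmem sits near net.core.rmem_default while Drops keeps climbing is the reader that is not draining its queue fast enough.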