[Bro] Bro node.cfg not setting Myricom Sniffer10G environment variables

Chris Chiaverini cchiaverini at bnl.gov
Tue Jun 20 08:00:08 PDT 2017 

Justin,

Looks like it was able to set it successfully at the shell (disregard 
the last line, I did not change the APP_ID from running process):

# SNF_APP_ID=10 SNF_FLAGS=0x1 SNF_NUM_RINGS=8 SNF_DEBUG_MASK=3 
SNF_DATARING_SIZE=4294967296 SNF_DESCRING_SIZE=1073741824 tcpdump -n -i 
snf0 -c 1
61474 snf.0.-1 P (userset)              SNF_PORTNUM = 0
61474 snf.0.-1 P (default)              SNF_RING_ID = -1 (0xffffffff)
61474 snf.0.-1 P (environ)            SNF_NUM_RINGS = 8 (0x8)
61474 snf.0.-1 P (default)            SNF_RSS_FLAGS = 49 (0x31)
61474 snf.0.-1 P*(environ)        SNF_DATARING_SIZE = 4294967296 
(0x100000000) (4096.0 MiB)*
61474 snf.0.-1 P (environ)        SNF_DESCRING_SIZE = 1073741824 
(0x40000000) (1024.0 MiB)
61474 snf.0.-1 P (userset)                SNF_FLAGS = 1 (0x1)
61474 snf.0.-1 P (environ)           SNF_DEBUG_MASK = 3 (0x3)
61474 snf.0.-1 P (default)       SNF_DEBUG_FILENAME = stderr
61474 snf.0.-1 P (environ)               SNF_APP_ID = 10 (0xa)
61474 snf.0.-1 P SNF_DEBUG_MASK=0x3 for modes WARN=0x1, PARAM=0x2 
QSTATS=0x4  TIMESYNC=0x8  IOCTL=0x10  QEVENTS=0x20  ARISTA=0x40
61474 snf.0.-1 P lib    version=3.0.11.50818 
build=snf-3.0.11.50818_07ecd3440 03/16/17_08:43 07ecd3440
61474 snf.0.-1 P kernel version=3.0.11.50818 
build=snf-3.0.11.50818_07ecd3440 03/16/17_08:43 07ecd3440
61474 snf.0.-1 P        pqstate [  0x7fabade7e000.. 0x7fabade80000) 
size     8 KiB         8192 (0x2000)
61474 snf.0.-1 P      desc_ring [  0x7fab9c824000.. 0x7fabac824000) 
size   256 MiB    268435456 (0x10000000)
61474 snf.0.-1 P      data_ring [  0x7fab94c14000.. 0x7fab9c824000) 
size   124 MiB    130088960 (0x7c10000)
61474 snf.0.-1 P pq_init: desc[seq=216,ev_idx=222869,cnt=105364809365]
tcpdump: snf_ring_open_id(ring=-1) failed: Device or resource busy
#

Regards,

Chris Chiaverini
Cyber Security Operations
Brookhaven National Laboratory
Upton, New York 11973

On 06/20/2017 09:46 AM, Azoff, Justin S wrote:
>> On Jun 20, 2017, at 9:27 AM, Chris Chiaverini <cchiaverini at bnl.gov> wrote:
>>
>> It seems that bro 2.5.1 is not taking the SNF_DATARING_SIZE variable, no matter what I set it to.
>>
>> When at the defaults in the /etc/bro/node.cfg and with nothing set at the shell, it still reports it is set via "userset" instead of "default" like SNF_DESCRING_SIZE.
> Can you do this quick test using tcpdump to verify the problem is with bro/broctl or something with the myricom driver/library?
>
> SNF_APP_ID=10 SNF_FLAGS=0x1 SNF_NUM_RINGS=8 SNF_DEBUG_MASK=3 SNF_DATARING_SIZE=4294967296 SNF_DESCRING_SIZE=1073741824 tcpdump -n -i snf0 -c 1
>
> When I run that I get
>
> 23681 snf.0.-1 P (userset)              SNF_PORTNUM = 0
> 23681 snf.0.-1 P (default)              SNF_RING_ID = -1 (0xffffffff)
> 23681 snf.0.-1 P (environ)            SNF_NUM_RINGS = 8 (0x8)
> 23681 snf.0.-1 P (default)            SNF_RSS_FLAGS = 49 (0x31)
> 23681 snf.0.-1 P (environ)        SNF_DATARING_SIZE = 4294967296 (0x100000000) (4096.0 MiB)
> 23681 snf.0.-1 P (environ)        SNF_DESCRING_SIZE = 1073741824 (0x40000000) (1024.0 MiB)
> 23681 snf.0.-1 P (userset)                SNF_FLAGS = 1 (0x1)
> 23681 snf.0.-1 P (environ)           SNF_DEBUG_MASK = 3 (0x3)
> 23681 snf.0.-1 P (default)       SNF_DEBUG_FILENAME = stderr
> 23681 snf.0.-1 P (environ)               SNF_APP_ID = 10 (0xa)
>
>
>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20170620/a6cd9071/attachment-0001.html

More information about the Bro mailing list