Hi,
I'm building a full packet capture IDS setup, using Security Onion
(hence pf_ring).
Every time I start snort I get a long kernel stack trace and a kernel
panic - literally in seconds.
The full panic capture is here: http://pastebin.com/sgLMrr49
Details:
It's a HP 360 G8 server with dual CPUs (12 cores), HT enabled, 16 GB of
RAM running Ubuntu 12.04. The system is updated, kernel 3.2.0-39-generic.
pf_ring version 5.5.2
NICs - two Intel X520-1 (82599EB chipset).
Traffic (more or less) - eth4 250Mbit/sec, 50Kpps. eth5 2Gbit/sec and
250Kpps.
The traffic is mirrored from a load balancers.
The same result is with distribution bundled drivers and hand build
3.14.5 loaded with LRO=0
Ethtool options are:
rx 4096
rx, tx, sg, tso, ufo, gso, lro - off
What's interesting - I've once tried running the kernel as UP (nosmp
option during boot) and the system was stable (and crawling).
_______________________________________________
Ntop-misc mailing list
[email protected]
http://listgateway.unipi.it/mailman/listinfo/ntop-misc
