https://home.regit.org/tags/kernel/ Recent content in Kernel on To Linux and beyond ! Hugo fr Tue, 26 Mar 2013 15:24:45 +0000 https://home.regit.org/2013/03/wifi-interface-and-suricata-af_packet-ips-mode/ Tue, 26 Mar 2013 15:24:45 +0000 https://home.regit.org/2013/03/wifi-interface-and-suricata-af_packet-ips-mode/ <h4 id="not-usual-setup-can-lead-to-surprise">Not usual setup can lead to surprise</h4> <p>The 5th of December 2012, I’ve setup suricata in AF_PACKET IPS mode between a WiFi interface and an Ethernet interface. The result was surprising as it was leading to a crash after some time:<br> <a href="https://home.regit.org/uploads/2013/03/IMG_20130326_150421.jpg"><img loading="lazy" decoding="async" src="https://home.regit.org/uploads/2013/03/IMG_20130326_150421-300x225.jpg" alt="" title="IMG_20130326_150421" width="300" height="225" class="aligncenter size-medium wp-image-1613" srcset="https://home.regit.org/uploads/2013/03/IMG_20130326_150421-300x225.jpg 300w, https://home.regit.org/uploads/2013/03/IMG_20130326_150421-1024x768.jpg 1024w" sizes="auto, (max-width: 300px) 85vw, 300px" /></a></p> <p>The issue was linked with the defrag option of AF_PACKEt fanout. I’ve proposed a <a href="http://comments.gmane.org/gmane.linux.network/251955">patch the 7th Dec 2012</a> and after a discussion with David Miller and Johannes Berg, Johannes has proposed a <a href="https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=1bf3751ec90cc3174e01f0d701e8449ce163d113">better patch which was included in official tree</a>. So the problem is fixed for kernel superior or equal to 3.7.</p> https://home.regit.org/2012/12/af-packet-oops/ Wed, 05 Dec 2012 10:38:19 +0000 https://home.regit.org/2012/12/af-packet-oops/ <h4 id="introduction">Introduction</h4> <p>Kernel oops have been reported by some users running Suricata with AF_PACKET multiple thread capture activated. This is due to a bug I’ve introduced in AF_PACKET when fixing an other bug.</p> <h4 id="which-kernel-not-to-use-with-suricata-in-af_packet-mode">Which kernel not to use with Suricata in AF_PACKET mode</h4> <p>The following kernel version will surely crash if Suricata or any other program is used with <strong>AF_PACKET</strong> capture <strong>with multiple capture threads</strong>:</p> <ul> <li>Linux 3.2.30 to 3.2.33</li> <li>Linux 3.4.12 to 3.4.18</li> <li>Linux 3.5.5 to 3.5.7</li> <li>Linux 3.6.0 to 3.6.6</li> </ul> <p>If only one capture thread is used there is no risk of crash. If you are running a vulnerable kernel, your configuration should looks like:</p> https://home.regit.org/2012/08/minimal-linux-kernel-config-for-virtualbox/ Fri, 17 Aug 2012 08:23:28 +0000 https://home.regit.org/2012/08/minimal-linux-kernel-config-for-virtualbox/ <p>I was looking for some minimal Linux kernel configuration for Virtualbox guest and did only find some old one. I thus decide to build one and to publish them.<br> They are available on github: <a href="https://github.com/regit/regit-config">regit-config</a></p> <p>For now, the only published configuration are for Linux kernel 3.5:</p> <ul> <li><a href="https://github.com/regit/regit-config/raw/master/virtualbox/config-3.5-vbox">config-3.5-vbox</a>: A minimal Linux kernel config for Virtualbox</a></li> <li><a href="https://github.com/regit/regit-config/raw/master/virtualbox/config-3.5-vbox-no-netfilter">config-3.5-vbox-no-netfilter</a>: Same as previous config with Netfilter disabled</a></li> </ul>