Kernel

Not usual setup can lead to surprise The 5th of December 2012, I’ve setup suricata in AF_PACKET IPS mode between a WiFi interface and an Ethernet interface. The result was surprising as it was leading to a crash after some time: The issue was linked with the defrag option of AF_PACKEt fanout. I’ve proposed a patch the 7th Dec 2012 and after a discussion with David Miller and Johannes Berg, Johannes has proposed a better patch which was included in official tree. So the problem is fixed for kernel superior or equal to 3.7. ...

Introduction Kernel oops have been reported by some users running Suricata with AF_PACKET multiple thread capture activated. This is due to a bug I’ve introduced in AF_PACKET when fixing an other bug. Which kernel not to use with Suricata in AF_PACKET mode The following kernel version will surely crash if Suricata or any other program is used with AF_PACKET capture with multiple capture threads: Linux 3.2.30 to 3.2.33 Linux 3.4.12 to 3.4.18 Linux 3.5.5 to 3.5.7 Linux 3.6.0 to 3.6.6 If only one capture thread is used there is no risk of crash. If you are running a vulnerable kernel, your configuration should looks like: ...

I was looking for some minimal Linux kernel configuration for Virtualbox guest and did only find some old one. I thus decide to build one and to publish them. They are available on github: regit-config For now, the only published configuration are for Linux kernel 3.5: config-3.5-vbox: A minimal Linux kernel config for Virtualbox config-3.5-vbox-no-netfilter: Same as previous config with Netfilter disabled