After installing Suricata, some fine tuning of the network interface(s) used in the traffic capture is required to ensure the best performance of the new IDPS installation. Those configurations need to be persisted when the system is power cycled. To do that on a Enterprise Linux based OS (RedHat, CentOS, Fedora, etc.) one can leverage the /sbin/ifup-local script.
Created
April 8, 2018 12:39
-
-
Save wanlebing/9eca4868ae2d88e9ce453b8b7a916485 to your computer and use it in GitHub Desktop.
RX/TX Buffers, Flow Hash and Others on Boot
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # Create the file | |
| touch /sbin/ifup-local | |
| # Make it executable | |
| chmod +x /sbin/ifup-local |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| set_buffers() { | |
| # Get the hardware RX/TX maximum and current | |
| PRESET=$(ethtool -g $1 | tr '\n' ' ' | sed 's/.*RX:\s\+\([0-9]\+\).*TX:\s\+\([0-9]\+\).*RX:\s\+\([0-9]\+\).*TX:\s\+\([0-9]\+\).*/\1 \2 \3 \4/g') | |
| # Set receive and trasmit buffers to the hardware maximum | |
| ethtool -G $1 rx $(echo $PRESET | cut -f 1 -d " ") tx $(echo $PRESET | cut -f 2 -d " ") | |
| } | |
| balance_flowhash() { | |
| # Balance evenly per CPU | |
| ethtool -X $1 equal $(cat /proc/cpuinfo | grep processor | wc -l) | |
| } | |
| set_affinity() { | |
| MAX=$(cat /proc/cpuinfo | grep processor | wc -l) | |
| # Since the receive/transmit interrupts name index starts at 0, subtract 1 from the maximum | |
| let "MAX=$MAX-1" | |
| # The mask that will define the affinity | |
| MASK=1 | |
| for INDEX in $(seq 0 1 $MAX); do | |
| IRQ=$(cat /proc/interrupts | grep $1-rxtx-$INDEX"$" | sed 's/\s\([0-9]\+\)\(.*\)/\1/g') | |
| # Apply the mask to the current IRQ | |
| printf "%X" $MASK > /proc/irq/$IRQ/smp_affinity | |
| # Duplicate the next mask value | |
| let "MASK=$MASK+$MASK" | |
| done | |
| } | |
| turnoff_offloading() { | |
| ethtool -K $1 rx off | |
| ethtool -K $1 tx off | |
| ethtool -K $1 sg off | |
| ethtool -K $1 tso off | |
| ethtool -K $1 gso off | |
| ethtool -K $1 gro off | |
| ethtool -K $1 lro off | |
| ethtool -K $1 rxvlan off | |
| ethtool -K $1 txvlan off | |
| ethtool -K $1 rxhash off | |
| } | |
| case "$1" in | |
| eth1) | |
| # Update the receive and transmit buffers | |
| set_buffers $1 | |
| # Balance receive flow hash indirection table | |
| balance_flowhash $1 | |
| # Set CPU affinity for the interrupts | |
| set_affinity $1 | |
| # Offloading features | |
| turnoff_offloading $1 | |
| ;; | |
| esac | |
| exit 0 |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # Verify the send and receive buffers, note how the current hardware values are the same as the pre-set maximum values | |
| ethtool -g eth1 | |
| # Ring parameters for eth1: | |
| # Pre-set maximums: | |
| # RX: 4096 | |
| # RX Mini: 0 | |
| # RX Jumbo: 0 | |
| # TX: 4096 | |
| # Current hardware settings: | |
| # RX: 4096 | |
| # RX Mini: 0 | |
| # RX Jumbo: 0 | |
| # TX: 4096 | |
| # Verify the flow hash indirection table | |
| ethtool -x eth1 | |
| # RX flow hash indirection table for eth1 with 8 RX ring(s): | |
| # 0: 0 1 2 3 4 5 6 7 | |
| # 8: 0 1 2 3 4 5 6 7 | |
| # 16: 0 1 2 3 4 5 6 7 | |
| # 24: 0 1 2 3 4 5 6 7 | |
| # Verify that the IRQ affinity is set correctly, the output bellow shows only the first 4 CPU's | |
| cat /proc/interrupts | grep 'CPU\|eth1' | |
| # CPU0 CPU1 CPU2 CPU3 (...) | |
| # 65: 107325835 0 3 0 eth1-rxtx-0 | |
| # 66: 0 150380495 0 2 eth1-rxtx-1 | |
| # 67: 0 0 107109972 0 eth1-rxtx-2 | |
| # 68: 0 0 0 91046195 eth1-rxtx-3 | |
| # (...) | |
| # Verify that the offloading features are off | |
| ethtool -k eth1 | |
| # Features for eth1: | |
| # rx-checksumming: off | |
| # tx-checksumming: off | |
| # tx-checksum-ipv4: off [fixed] | |
| # tx-checksum-ip-generic: off | |
| # tx-checksum-ipv6: off [fixed] | |
| # tx-checksum-fcoe-crc: off [fixed] | |
| # tx-checksum-sctp: off [fixed] | |
| # scatter-gather: off | |
| # tx-scatter-gather: off | |
| # tx-scatter-gather-fraglist: off [fixed] | |
| # tcp-segmentation-offload: off | |
| # tx-tcp-segmentation: off | |
| # tx-tcp-ecn-segmentation: off [fixed] | |
| # tx-tcp6-segmentation: off | |
| # udp-fragmentation-offload: off [fixed] | |
| # generic-segmentation-offload: off | |
| # generic-receive-offload: off | |
| # large-receive-offload: off | |
| # rx-vlan-offload: off | |
| # tx-vlan-offload: off | |
| # (...) |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment