Last active
January 15, 2016 20:22
-
-
Save JustinAzoff/4cfe3995013225d1d119 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # | |
| # A plugin to setup capture interfaces | |
| # The plugin is off by default. To enable it, add "interfacesetup.enabled=1" to broctl.cfg. | |
| # | |
| import BroControl.plugin | |
| class InterfaceSetupPlugin(BroControl.plugin.Plugin): | |
| def __init__(self): | |
| super(InterfaceSetupPlugin, self).__init__(apiversion=1) | |
| def name(self): | |
| return "InterfaceSetupPlugin" | |
| def prefix(self): | |
| return "interfacesetup" | |
| def pluginVersion(self): | |
| return 1 | |
| def init(self): | |
| if self.getOption("enabled") == "0": | |
| return False | |
| return True | |
| def options(self): | |
| return [("mtu", "int", "9710", "Interface MTU"), | |
| ("enabled", "string", "0", "Set to enable plugin")] | |
| def cmd_start_pre(self, nodes): | |
| if not nodes: | |
| return | |
| mtu = self.getOption("mtu") | |
| self.message("InterfaceSetupPlugin: mtu=%s" % (mtu)) | |
| host_nodes = {} | |
| for n in nodes: | |
| if n.interface: | |
| host_nodes[(n.host, n.interface)] = n | |
| cmds = [] | |
| for n in host_nodes.values(): | |
| cmd = "/sbin/ifconfig %s up mtu %s" % (n.interface, mtu) | |
| cmds.append((n, cmd)) | |
| cmd = "/sbin/ethtool -K %s gro off lro off rx off tx off gso off" % (n.interface) | |
| cmds.append((n, cmd)) | |
| self.executeParallel(cmds) |
Thanks.. that is helpful. We have a ticket now to try to get this included in bro: https://bro-tracker.atlassian.net/browse/BIT-1515
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Hi Justin,
Regarding the ethtool invocation, I seem to remember an issue with certain NICs where the command might fail when trying to set multiple options at one time.
http://blog.securityonion.net/2011/10/when-is-full-packet-capture-not-full.html
"You can set multiple options in one "ethtool" command, but this can be problematic if your card doesn't support all of the settings."
Here is what we do in Security Onion that has been working well for a few years now:
for i in rx tx sg tso ufo gso gro lro; do ethtool -K $IFACE $i off; done
Hope that helps!