I have 4 cores and i get error EAL ：lcore 4 unavailable EAL： invalid coremask

[Shylockyk]

Is your feature request related to a problem? Please describe. I follow all your step on readme, and I run hellowold & l2fwd successfully.But when I run $suricata -c suricata.yaml --dpdkintel even just $suricata , It shows:

EAL: Detected 4 lcore(s) EAL: lcore 4 unavailable EAL: invalid coremask

Usage: suricata [options]

EAL common options: -c COREMASK Hexadecimal bitmask of cores to run on -l CORELIST List of cores to run on ...

EAL Linux options: ... EAL: FATAL: Invalid 'command line' arguments. EAL: Invalid 'command line' arguments. 10/10/2019 -- 18:56:02 - - [ERRCODE: SC_ERR_MISSING_CONFIG_PARAM(118)] - DPDK EAL init -1 PANIC in dpdkEalInit(): ERROR: Cannot init EAL 6: [suricata(_start+0x2a) [0x55724d08a55a]] 5: [/lib/x86_64-linux-gnu/libc.so.6(libc_start_main+0xe7) [0x7fd278fe5b97]] 4: [suricata(main+0x187) [0x55724d086d77]] 3: [suricata(dpdkEalInit+0xf7) [0x55724d2245c7]] 2: [suricata(rte_panic+0xc5) [0x55724d082c9a]] 1: [suricata(rte_dump_stack+0x2e) [0x55724d29461e]] Aborted (core dumped)

and whether I bind the uio driver to the NIC,the result is same.

Additional context my environment: OS:5.0.0-31-generic #33~18.04.1-Ubuntu SMP Tue Oct 1 10:20:39 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux gcc:gcc version 7.4.0 (Ubuntu 7.4.0-1ubuntu1~18.04.1) DPDK Version 17.11.3

here is my config.log: config.log

[vipinpv85]

from your logs we can see

EAL: Detected 4 lcore(s)
EAL: lcore 4 unavailable
EAL: invalid coremask

EAL: FATAL: Invalid 'command line' arguments.
EAL: Invalid 'command line' arguments.

I would start checking the same

[vipinpv85]

core mask used in application "-c","0x1e"

please check if you have the corresponding cpu to represent the core mask

[Shylockyk]

core mask used in application "-c","0x1e"

please check if you have the corresponding cpu to represent the core mask

It means at least 5 lcores? My machine only has 4 lcores.

[vipinpv85]

It means at least 5 lcores? answer> no it does not, as core mask "-c 0x1e" is represented "‭00011110‬" in binary which are 4 cores.

My machine only has 4 lcores. Answer> as suspected from the logs, the following can be an easy fix for your environment. In file src/util-dpdk-setup.c line 30 you can edit argument[EAL_ARGS] for index 1 and 2 as

1. "-c","0xf" or
2. "-l","0-3"
3. "--lcores","(0-3)@3"

[Shylockyk]

ok.. Thanks!

[Shylockyk]

Hi, May I ask why you set args with "-c","0x1e"? why not just "-c","0xf"....

[vipinpv85]

May I ask why you set args with "-c","0x1e"? why not just "-c","0xf".... Answer> most time core 0 is os core which handles interrupt, default application launch and non isolated cores (in grub config). Hence it is worthwhile to run on cores other than 0.

[Shylockyk]

So ... It seems that set args with "-c", "0xe" is better? I don't know if I understand correctly.

[Shylockyk]

11/10/2019 -- 11:20:42 - - This is Suricata version 3.0 RELEASE 11/10/2019 -- 11:20:55 - - [ERRCODE: SC_ERR_NO_RULES(42)] - No rule files match the pattern /etc/suricata/rules/tls-events.rules 11/10/2019 -- 11:20:55 - - [ERRCODE: SC_ERR_NO_RULES(42)] - No rule files match the pattern /etc/suricata/rules/app-layer-events.rules 11/10/2019 -- 11:20:57 - - [ERRCODE: SC_ERR_NOT_SUPPORTED(225)] - Eve-log support not compiled in. Reconfigure/recompile with libjansson and its development files installed to add eve-log support. 11/10/2019 -- 11:20:57 - - DPDK Version: DPDK 17.11.3 11/10/2019 -- 11:20:57 - - ----- Global DPDK-INTEL Config ----- 11/10/2019 -- 11:20:57 - - Number Of Ports : 2 11/10/2019 -- 11:20:57 - - Operation Mode : IPS 11/10/2019 -- 11:20:57 - - Port:0, Map:1 11/10/2019 -- 11:20:57 - - Port:1, Map:0 11/10/2019 -- 11:20:57 - - ------------------------------------ 11/10/2019 -- 11:20:57 - - ----- Match Pattern ---- 11/10/2019 -- 11:20:57 - - http: 12205 11/10/2019 -- 11:20:57 - - ftp: 59 11/10/2019 -- 11:20:57 - - tls: 1094 11/10/2019 -- 11:20:57 - - dns: 880 11/10/2019 -- 11:20:57 - - smtp: 59 11/10/2019 -- 11:20:57 - - ssh: 3 11/10/2019 -- 11:20:57 - - smb: 37 11/10/2019 -- 11:20:57 - - smb2: 0 11/10/2019 -- 11:20:57 - - dcerpc:0 11/10/2019 -- 11:20:57 - - tcp: 17940 11/10/2019 -- 11:20:57 - - udp: 2967 11/10/2019 -- 11:20:57 - - sctp: 499 11/10/2019 -- 11:20:57 - - icmpv6:539 11/10/2019 -- 11:20:57 - - gre: 499 11/10/2019 -- 11:20:57 - - raw: 499 11/10/2019 -- 11:20:57 - - ipv4: 0 11/10/2019 -- 11:20:57 - - * ipv6: 5 11/10/2019 -- 11:20:57 - - ----------------------- 11/10/2019 -- 11:20:57 - - all 2 packet processing threads, 4 management threads initialized, engine started. 11/10/2019 -- 11:20:57 - - master_lcore 0 lcore_count 4 11/10/2019 -- 11:20:57 - - cpuIndex 2 lcore_id 1 11/10/2019 -- 11:20:57 - - port IN 0 OUT 1, core 1, enable 1, socket 0 phy 0 11/10/2019 -- 11:20:57 - - DPDK Started in IPS Mode!!!

and it means I run successfully? except the libjansson problem and two rules files.

[Shylockyk]

dpdkintel:

inputs:

• interface: 0 copy-interface: 1

  for ids you can ignore copy-interface

• interface: 1 copy-interface: 0

  for ids you can ignore copy-interface

  Select dpdk intel operation mode ips|ids|bypass

  opmode: ips

  opmode: ids

I forget the suricata.yaml is overwrited.. but set 0 and 1 is fine?

Sorry about that I ask so many questions!!!

[vipinpv85]

So ... It seems that set args with "-c", "0xe" is better? I don't know if I understand correctly.

you can use what you like, as long there are sufficent cores for your interfaces

[vipinpv85]

11/10/2019 -- 11:20:42 - - This is Suricata version 3.0 RELEASE 11/10/2019 -- 11:20:55 - - [ERRCODE: SC_ERR_NO_RULES(42)] - No rule files match the pattern /etc/suricata/rules/tls-events.rules 11/10/2019 -- 11:20:55 - - [ERRCODE: SC_ERR_NO_RULES(42)] - No rule files match the pattern /etc/suricata/rules/app-layer-events.rules 11/10/2019 -- 11:20:57 - - [ERRCODE: SC_ERR_NOT_SUPPORTED(225)] - Eve-log support not compiled in. Reconfigure/recompile with libjansson and its development files installed to add eve-log support. 11/10/2019 -- 11:20:57 - - DPDK Version: DPDK 17.11.3 11/10/2019 -- 11:20:57 - - ----- Global DPDK-INTEL Config ----- 11/10/2019 -- 11:20:57 - - Number Of Ports : 2 11/10/2019 -- 11:20:57 - - Operation Mode : IPS 11/10/2019 -- 11:20:57 - - Port:0, Map:1 11/10/2019 -- 11:20:57 - - Port:1, Map:0 11/10/2019 -- 11:20:57 - - ------------------------------------ 11/10/2019 -- 11:20:57 - - ----- Match Pattern ---- 11/10/2019 -- 11:20:57 - - http: 12205 11/10/2019 -- 11:20:57 - - ftp: 59 11/10/2019 -- 11:20:57 - - tls: 1094 11/10/2019 -- 11:20:57 - - dns: 880 11/10/2019 -- 11:20:57 - - smtp: 59 11/10/2019 -- 11:20:57 - - ssh: 3 11/10/2019 -- 11:20:57 - - smb: 37 11/10/2019 -- 11:20:57 - - smb2: 0 11/10/2019 -- 11:20:57 - - dcerpc:0 11/10/2019 -- 11:20:57 - - tcp: 17940 11/10/2019 -- 11:20:57 - - udp: 2967 11/10/2019 -- 11:20:57 - - sctp: 499 11/10/2019 -- 11:20:57 - - icmpv6:539 11/10/2019 -- 11:20:57 - - gre: 499 11/10/2019 -- 11:20:57 - - raw: 499 11/10/2019 -- 11:20:57 - - ipv4: 0 11/10/2019 -- 11:20:57 - - * ipv6: 5 11/10/2019 -- 11:20:57 - - ----------------------- 11/10/2019 -- 11:20:57 - - all 2 packet processing threads, 4 management threads initialized, engine started. 11/10/2019 -- 11:20:57 - - master_lcore 0 lcore_count 4 11/10/2019 -- 11:20:57 - - cpuIndex 2 lcore_id 1 11/10/2019 -- 11:20:57 - - port IN 0 OUT 1, core 1, enable 1, socket 0 phy 0 11/10/2019 -- 11:20:57 - - DPDK Started in IPS Mode!!!

and it means I run successfully? except the libjansson problem and two rules files.

for libjansson, you have to configure the same. for rules you have sort out the missing dependencies

[vipinpv85]

dpdkintel:

inputs:

• interface: 0 copy-interface: 1

  for ids you can ignore copy-interface

• interface: 1 copy-interface: 0

  for ids you can ignore copy-interface

Select dpdk intel operation mode ips|ids|bypass

opmode: ips

opmode: ids

I forget the suricata.yaml is overwrited.. but set 0 and 1 is fine?

if you have 2 interfaces (this can be checked with --list-dpdkports), then yes.

Sorry about that I ask so many questions!!!

[Shylockyk]

Thank you very very much!! You are so kind!!