[Oisf-users] Suricata+Netmap IPS stops passing packets after approx 10 seconds
Brandon Reeves
brandonreeves at outlook.com
Sat Sep 3 18:30:13 UTC 2016
We have got suricata+netmap working in IPS mode. Once we bring it up, we can ping through the device as if it wasn't there. However, within a few seconds of receiving traffic, all packets stop passing across suricata. This means that all traffic outbound + inbound also stops. All we have to do is restart suricata and the issue repeats. We have tried multiple versions of FreeBSD as well as suricata and the same issue appears. We have done little to tune the default suricata.yaml since we have been combating this issue other than configuring the interfaces. We have also used the default suricata.yaml from 3.0 and 3.1.1.
Compile Options
--enable-geoip --enable-netmap --localstatedir=/var/
Config + setup(s):
Suricata 3.0 Release
Suricata 3.1.1 Release
FreeBSD 10.3 Release (Custom kernel + netmap compiled)
FreeBSD 11 RC2 (netmap built-in no customization)
Silicom PEG4i Quad Gigabit Bypass Card
8 Core i7
32GB Memory
Interface config: suricata.yaml
 - interface: em5
   threads: auto
   copy-mode: ips
   copy-iface: em4
   disable-promisc: no
   checksum-checks: auto
 - interface: em4
   threads: auto
   copy-mode: ips
   copy-iface: em5
   disable-promisc: no
   checksum-checks: auto
Please advise on how I can troubleshoot this issue.
Thanks
Brandon