[Oisf-users] Suricata + Netmap IPS - kernel drop packets
Oliver Humpage
oliver at watershed.co.uk
Thu Mar 1 13:52:27 UTC 2018
> On 1 Mar 2018, at 13:13, Victor Julien <lists at inliniac.net> wrote:
>
> On 15-02-18 10:55, Vincent wrote:
>> I want to suricata to perform a first filter and return traffic to the
>> kernel to process it with iptables
>
> The netmap IPS mode is designed to use 2 interfaces. A single interface
> setup is not supported.
I thought the “+” notation, as the OP is using, allows a packet to return to the same interface for further processing? We use this (on FreeBSD) and it works perfectly, and even allows us to filter packets with pf. Not using Linux I’ve not tested it with iptables.
Vincent, do you have a second netmap section for the return packets, i.e.
interface: eth1+
...
copy-iface: eth1
I can’t quite make out from the original message what the problem is, but this would be my first step in troubleshooting. Also, make sure all checksum offloading is OFF on the interface driver.
Oliver.
More information about the Oisf-users
mailing list