[Oisf-users] [Osif-users] suricata 4.0.5 af-packet mode not bridging packet
Andreas Herz
andi at geekosphere.org
Mon Oct 29 21:03:05 UTC 2018
On 25/10/18 at 15:28, kavi perumal wrote:
> Hi All,
>
> I am using Suricata 4.0.5 in a Docker environment, running Suricata in
> af-packet based IPS mode.
> Suricata is not bridging packets.
>
> Topology:
>
> [eth0]--------suricata--------[br0] (br0.11 {192.168.1.1)
>
> When I try to ping from an external VM to IP 192.168.1.1, I am able to see
> the packets at eth0 but not able to see the packets on br0.
>
> Can you please let me know whether I am doing something wrong, or how to
> check whether Suricata is dropping packets or not?
Can you look into the stats log?
Does it work when you use IDS mode?
> suricata.yaml:
> af-packet:
>   - interface: eth0
>     threads: 1
>     defrag: yes
>     cluster-type: cluster_flow
>     cluster-id: 98
>     copy-mode: ips
>     copy-iface: br0
>     buffer-size: 64535
>     use-mmap: yes
>   - interface: br0
>     threads: 1
>     cluster-id: 97
>     defrag: yes
>     cluster-type: cluster_flow
>     copy-mode: ips
>     copy-iface: eth0
>     buffer-size: 64535
>     use-mmap: yes
>
>
> Regards
> -Kavi Perumal G.
--
Andreas Herz
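
For the question of how to check whether Suricata is dropping packets, and the suggestion to look at the stats log, here is an added example; it is not part of either message and not Suricata project code. It assumes the plain-text stats.log layout of `Counter | TM Name | Value` rows grouped under `Date:` lines, and the sample log is constructed.

```python
import re

# Constructed sample in the stats.log layout (two dumps); not from the thread.
SAMPLE = """\
Date: 10/29/2018 -- 21:00:08 (uptime: 0d, 00h 00m 08s)
------------------------------------------------------------
Counter                     | TM Name         | Value
------------------------------------------------------------
capture.kernel_packets      | Total           | 40
capture.kernel_drops        | Total           | 0
decoder.pkts                | Total           | 40
------------------------------------------------------------
Date: 10/29/2018 -- 21:00:16 (uptime: 0d, 00h 00m 16s)
------------------------------------------------------------
Counter                     | TM Name         | Value
------------------------------------------------------------
capture.kernel_packets      | Total           | 95
capture.kernel_drops        | Total           | 12
decoder.pkts                | Total           | 83
"""

ROW = re.compile(r"^(\S+)\s*\|\s*(\S+)\s*\|\s*(\d+)\s*$")
WATCHED = ("capture.kernel_packets", "capture.kernel_drops", "decoder.pkts")

def parse_dumps(text):
    """Return one {counter: value} dict per dump, using the 'Total' rows."""
    dumps = []
    for line in text.splitlines():
        if line.startswith("Date:"):
            dumps.append({})          # every dump starts with a Date: line
        elif dumps:
            m = ROW.match(line)       # header and separator rows do not match
            if m and m.group(2) == "Total":
                dumps[-1][m.group(1)] = int(m.group(3))
    return dumps

def capture_delta(text):
    """Counter growth between the first and last dump, plus a verdict."""
    dumps = parse_dumps(text)
    if len(dumps) < 2:
        raise ValueError("need two dumps to tell growth from a static total")
    delta = {k: dumps[-1].get(k, 0) - dumps[0].get(k, 0) for k in WATCHED}
    if delta["capture.kernel_packets"] == 0:
        verdict = "nothing captured in this window"
    elif delta["capture.kernel_drops"] > 0:
        verdict = "kernel dropped packets before Suricata read them"
    else:
        verdict = "captured without kernel drops"
    return delta, verdict
```

The totals are summed over all capture threads, so with two af-packet interfaces they do not show which side received the traffic. Comparing two dumps taken while the ping is running shows whether the counters move at all.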