[Oisf-users] [Osif-users] suricata 4.0.5 af-packet mode not bridging packet

kavi perumal kaviperumal22 at gmail.com
Tue Oct 30 07:30:08 UTC 2018


Hi Andi,

Nope - it didn't work. I tried even in IDS mode (tap).

Regards
-Kavi Perumal G.

On Tue, Oct 30, 2018 at 2:33 AM Andreas Herz <andi at geekosphere.org> wrote:

> On 25/10/18 at 15:28, kavi perumal wrote:
> > Hi All,
> >
> > I am using Suricata 4.0.5 in a Docker environment, running Suricata in af-packet
> > based IPS mode.
> > Suricata is not bridging packets.
> >
> > Topology:
> >
> >  [eth0]--------suricata--------[br0] (br0.11 {192.168.1.1)
> >
> > When I try to ping from an external VM to IP 192.168.1.1, I am able to see the
> > packets at eth0 but not able to see the packets on br0.
> >
> > Can you please let me know if I am doing something wrong, or how to check
> > whether Suricata is dropping packets or not?
>
> Can you look into the stats log?
> Does it work when you use IDS mode?
>
> > suricata.yaml:
> > af-packet:
> >   - interface: eth0
> >     threads: 1
> >     defrag: yes
> >     cluster-type: cluster_flow
> >     cluster-id: 98
> >     copy-mode: ips
> >     copy-iface: br0
> >     buffer-size: 64535
> >     use-mmap: yes
> >   - interface: br0
> >     threads: 1
> >     cluster-id: 97
> >     defrag: yes
> >     cluster-type: cluster_flow
> >     copy-mode: ips
> >     copy-iface: eth0
> >     buffer-size: 64535
> >     use-mmap: yes
> >
> >
> > Regards
> > -Kavi Perumal G.
>
> > _______________________________________________
> > Suricata IDS Users mailing list: oisf-users at openinfosecfoundation.org
> > Site: http://suricata-ids.org | Support: http://suricata-ids.org/support/
> > List: https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
> >
> > Conference: https://suricon.net
> > Trainings: https://suricata-ids.org/training/
>
>
> --
> Andreas Herz


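The stats log check suggested in the thread, as an added example that is not part of the original messages or of Suricata itself: it parses stats.log snapshots and reports, per capture thread, how far capture.kernel_packets and capture.kernel_drops grew. The sample log, its values and the thread names W#01-eth0 / W#01-br0 are constructed, and per-thread rows assume `threads: yes` is set for the stats output.

```python
import re

# Constructed sample in stats.log layout (values invented). Per-thread rows
# such as W#01-eth0 assume "threads: yes" is set for the stats output.
SAMPLE = """\
----------------------------------------------------------------
Date: 10/30/2018 -- 07:29:00 (uptime: 0d, 00h 00m 08s)
----------------------------------------------------------------
Counter                    | TM Name       | Value
----------------------------------------------------------------
capture.kernel_packets     | W#01-eth0     | 4
decoder.pkts               | W#01-eth0     | 4
----------------------------------------------------------------
Date: 10/30/2018 -- 07:30:00 (uptime: 0d, 00h 01m 08s)
----------------------------------------------------------------
Counter                    | TM Name       | Value
----------------------------------------------------------------
capture.kernel_packets     | W#01-eth0     | 124
capture.kernel_drops       | W#01-eth0     | 6
decoder.pkts               | W#01-eth0     | 118
"""

# counter name | thread module name | integer value
ROW = re.compile(r"^([A-Za-z0-9_.\-]+)\s*\|\s*(\S+)\s*\|\s*(\d+)\s*$")

def parse_stats_log(text):
    """Return one {(counter, thread): value} dict per 'Date:' snapshot."""
    snapshots = []
    for line in text.splitlines():
        if line.startswith("Date:"):
            snapshots.append({})
        elif snapshots and (m := ROW.match(line)):
            snapshots[-1][(m.group(1), m.group(2))] = int(m.group(3))
    return snapshots

def capture_delta(snapshots, threads):
    """Per-thread growth of the capture counters from first to last snapshot.
    A counter missing from a snapshot is treated as 0 (assumption)."""
    first, last = snapshots[0], snapshots[-1]
    def grew(counter, thread):
        return last.get((counter, thread), 0) - first.get((counter, thread), 0)
    return {t: {"packets": grew("capture.kernel_packets", t),
                "drops": grew("capture.kernel_drops", t)} for t in threads}

if __name__ == "__main__":
    delta = capture_delta(parse_stats_log(SAMPLE), ["W#01-eth0", "W#01-br0"])
    for thread, c in delta.items():
        print(f"{thread}: +{c['packets']} packets, +{c['drops']} kernel drops")
```

A thread whose capture.kernel_packets does not grow is not receiving traffic on its interface; capture.kernel_drops counts packets the kernel discarded before Suricata read them.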