[Oisf-users] Suricata causes massive packet loss

Peter Manev petermanev at gmail.com
Sun Sep 8 07:15:10 UTC 2019

> On 7 Sep 2019, at 19:29, peter.mueller at ipfire.org wrote:
> Hello Stefan, hello Peter, hello Eric, hello *,
> sorry for the late reply.
> @Peter: Thank you for the "max-pending-packets" hint. Changing the value
> from 1024 (default) to 2048, 4096 and 8192 unfortunately did not made
> things better - OpenVPN throughput stays the same.
> @Stefan: Thank you for building and packaging! I will install it on
> my testing machine and report back within the next days.
> Since I was unable to reproduce the OpenVPN bandwidth issue on another
> (productive) system running on Core Update 134, I guessed Core 135
> (https://blog.ipfire.org/post/ipfire-2-23-core-update-135-released)
> introduced that problem. This is wrong, I have updated the system meanwhile,
> performed a reboot, and everything stays the same.
> @Eric: It is good to know that the DNS problem can be tracked down
> to a Netfilter bug. There are some iptables/Netfilter/... packages which
> we are not shipping the latest version, I will update them. Do you happen
> to have a bugtracker ID or link for that problem?

In relation to that - is the problem only with DNS traffic ?

> @All: Meanwhile, the domain "suricata-ids.org" was listed at URIBL
> (http://uribl.com/), so some mails got rejected at our mail server. I
> guess that was a false positive and removed hard reject action for URIBL.
> Anyway: Is anyone aware of a compromise or security issues at "suricata-ids.org"?
> Thanks, and best regards,
> Peter Müller

More information about the Oisf-users mailing list