Update - Suricata V3.0 Inline Mode



  • Update. I have Suricata V3.0 running in the Inline Mode with CODELQ traffic shaping running to reduce buffer bloat. The CODELQ does not seem to produce the lockup that HFSC does. The HFSC produced a Netmap grab packet series of errors and required a reboot of the pfSense machine. CODELQ does not produce the results achieved with HFSC in the legacy mode for Suricata but does allow for reduction of the buffer bloat. It may be that the issues with Netmap and traffic shaping will be resolved in the future. I am going to run Suricata in the Inline mode for a while to monitor performance and machine behavior. The NIC is an Intel I350T2v2 with a Xeon processor. I know Bill Meeks is working hard to resolve the issues that arose with Suricata and the Inline mode. I felt the community would benefit from my experience.



  • Do you turn off the traffic shaping while using Suricata inline mode under pfSense 2.3.1?



  • I was able to use CODELQ traffic shaping with Suricata Inline mode but could not use HFSC traffic shaping with the Inline mode. HFSC in the Inline mode created a problem resulting in Netmap grab packet errors that showed up on the console screen. It was not clear what to do about these errors. While CODELQ does reduce buffer bloat, it does not do it nearly as effectively as HFSC.