Suricata 3.1.2_2 - Inline mode killing WAN em0



  • I need help understanding why enabling Suricata Inline mode on an em0 WAN interface is causing it to go offline and essentially killing it!

    From what I have gathered, 'em' interfaces are supposed to be supported.

    What sort of troubleshooting steps can I take to rectify this?


  • Banned

    Switch to non-inline. Troubleshooting done.



  • Ok. But what if… I mean, just what if I want to use "Inline mode"?  :-\

    My NIC 'em' is so-called supported, right? So why not HELP if you can to help me work it out?

    But your response is snark-ish, don't you think?

    What's the point of a TECH forum if folks seeking help are going to be met with responses as such?

    Don't you THINK that, like many people, I know that 'legacy' mode is available and works?

    Come on now!


  • Banned

    Read the forum and see it's been asked over and over again. Netmap is used for inline Suricata mode. Netmap is buggy, hardware-limited kernel-level stuff. No fixes can be done in the Suricata package. No one will fix anything here (except perhaps if someone switched the package to divert sockets.)

    It doesn't work for you? Don't use it. Simple. Want it fixed? Take it upstream.


  • Banned

    @OCKTechMag:

    What chipset does your em NIC use?



  • @Redyr:

    What chipset does your em NIC use?

    NIC info

    em0@pci0:1:0:0: class=0x020000 card=0x6c401462 chip=0x10d38086 rev=0x00 hdr=0x00
        vendor    = 'Intel Corporation'
        device    = '82574L Gigabit Network Connection'
        class      = network
        subclass  = ethernet
        cap 01[c8] = powerspec 2  supports D0 D3  current D0
        cap 05[d0] = MSI supports 1 message, 64 bit
        cap 10[e0] = PCI-Express 1 endpoint max data 128(256) NS link x1(x1)
                    speed 2.5(2.5) ASPM disabled(L0s/L1)
        cap 11[a0] = MSI-X supports 3 messages, enabled
                    Table in map 0x1c[0x0], PBA in map 0x1c[0x2000]
        ecap 0001[100] = AER 1 2 fatal 0 non-fatal 5 corrected

    em1@pci0:2:0:0: class=0x020000 card=0x6c401462 chip=0x10d38086 rev=0x00 hdr=0x00
        vendor    = 'Intel Corporation'
        device    = '82574L Gigabit Network Connection'
        class      = network
        subclass  = ethernet
        cap 01[c8] = powerspec 2  supports D0 D3  current D0
        cap 05[d0] = MSI supports 1 message, 64 bit
        cap 10[e0] = PCI-Express 1 endpoint max data 128(256) NS link x1(x1)
                    speed 2.5(2.5) ASPM disabled(L0s/L1)
        cap 11[a0] = MSI-X supports 3 messages, enabled
                    Table in map 0x1c[0x0], PBA in map 0x1c[0x2000]
        ecap 0001[100] = AER 1 2 fatal 0 non-fatal 5 corrected

    xhci0@pci0:0:20:0:      class=0x0c0330 card=0x1e318086 chip=0x1e318086 rev=0x04 hdr=0x00
        vendor    = 'Intel Corporation'
        device    = '7 Series/C210 Series Chipset Family USB xHCI Host Controller'
        class      = serial bus
        subclass  = USB
        cap 01[70] = powerspec 2  supports D0 D3  current D0
        cap 05[80] = MSI supports 8 messages, 64 bit enabled with 1 message

    ahci0@pci0:0:31:2:      class=0x010601 card=0x1e038086 chip=0x1e038086 rev=0x04 hdr=0x00
        vendor    = 'Intel Corporation'
        device    = '7 Series Chipset Family 6-port SATA Controller [AHCI mode]'
        class      = mass storage
        subclass  = SATA
        cap 05[80] = MSI supports 1 message enabled with 1 message
        cap 01[70] = powerspec 3  supports D0 D3  current D0
        cap 12[a8] = SATA Index-Data Pair
        cap 13[b0] = PCI Advanced Features: FLR TP