Suricata and VirtIO
-
Has anyone had any luck using Suricata inline mode with virtio adapters? I currently have a virtualized environment running on KVM; guests are supplied virtio adapters connected to openvswitch, which in turn connects to the physical interfaces. I'm assuming I'd need to rearchitect this with VALE and netmap to make Suricata work in inline mode?
-
@gerby123 said in Suricata and VirtIO:
VALE
Are you still running Suricata on a virtualized pfSense guest? Or are you asking about Suricata in Linux?
-
Correct, the hypervisor is KVM, but Suricata is running in a pfSense guest.
-
I don't have any experience with KVM/virtio, but I run pfSense in VMs (ESXi) using Bro and Suricata without an issue. This includes the use of virtual switches, etc.
Can you not select a virtualized driver in KVM?
If you can't, what driver is it using, and what issue are you running into with using netmap on that interface?
-
The issue I encounter seems related to others who have tried to run inline mode without netmap support; traffic passes for a brief period of time and then all traffic flow stops.