Hello,
I would like to know if there is a way to configure Suricata to aggregate TX trafic coming from eth0 and RX trafic coming from eth1, and how to do it.
Thank you
Hi.
I would look into interface bonding on Linux. I believe pf_ring also can aggregate RX and TX traffic.
Note that both cost some processing time on the sensor.
Hello Syoc, Thank you for your answer. I am not sure wether interface bouding can rebuild a bidirectionnal trafic from TX and RX with packet reordonnancement;
I was first looking for a native aggregation functionnality of Suricata. Does Suricata have such capacity ?
I have used interface bonding with RX and TX on different interfaces to reduce “packet on wrong thread” counters, but it probably has some limitations. Suricata has no native aggregation functionality as far as I’m aware.
Ok thank you very much.
Besides bonding there might be some options coming in the future via DPDK if that would support it to merge it upfront. But if you also think that there is a timing diff it could get difficult. This might be something for a SMART NIC or even a packetbroker before you forward it.