I don’t currently have OvS running, but looking at e.g. https://superuser.com/questions/1793929/how-to-send-traffic-with-testpmd-to-openvswitch-when-ovs-is-using-dpdkvhostuserc, they are using the net_virtio_user virtual driver instead of the net_vhost driver that you use on the Suricata side. Can you maybe retry that?
I would suggest first making the setup work with testpmd, as this suits your use case completely (forwarding between two ports), then moving the DPDK parameters into the Suricata config. You will also get more results on Google.
Btw, if you intend to connect the two interfaces (to pass traffic from net_vhost0 to net_vhost1 and vice versa), you need to define copy-iface and copy-mode anyway, otherwise it will be a receiver only and Suricata won’t send packets (IDS vs IPS difference).
So your config should be:
```yaml
dpdk:
  eal-params:
    proc-type: primary
    vdev:
      - "net_vhost0,iface=/var/run/openvswitch/vhost-user1.sock,queues=1"
      - "net_vhost1,iface=/var/run/openvswitch/vhost-user2.sock,queues=1"
  interfaces:
    - interface: "net_vhost0"
      copy-iface: net_vhost1
      copy-mode: ips
    - interface: "net_vhost1"
      copy-iface: net_vhost0
      copy-mode: ips
    - interface: default
      threads: 1

threading:
  set-cpu-affinity: yes
  cpu-affinity:
    - management-cpu-set:
        cpu: [ 0 ]
    - worker-cpu-set:
        cpu: [ "all" ]

runmode: workers

default-rule-path: /root
rule-files:
  - test.rules

outputs:
  - console:
      enabled: yes
  - file:
      enabled: yes
      level: info
      filename: suricata.log
  - eve-log:
      enabled: yes
      filetype: regular
      filename: eve.json
  - fast:
      enabled: yes
      filename: fast.log
      append: yes
```
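
The copy-iface/copy-mode pairing described in the post can be checked before starting Suricata. This is an added example, not part of the original post and not Suricata's own code; `check_inline_pairs` is a hypothetical helper, and it assumes the `dpdk.interfaces` list has already been loaded from YAML and that missing settings fall back to the `default` entry.

```python
# Added example: check a Suricata dpdk.interfaces list for inline pairing mistakes.
# Input is the list as a YAML parser would return it (dicts with string keys).

FORWARDING_MODES = {"ips", "tap"}  # copy-mode values under which Suricata transmits


def check_inline_pairs(interfaces):
    """Return a list of problems; an empty list means every pair is symmetric."""
    # Assumption: settings missing on an interface fall back to the "default" entry.
    defaults = next((i for i in interfaces if i.get("interface") == "default"), {})
    merged = {
        i["interface"]: {**defaults, **i}
        for i in interfaces
        if i.get("interface") != "default"
    }
    problems = []
    for name, cfg in merged.items():
        mode = cfg.get("copy-mode", "none")
        peer = cfg.get("copy-iface", "none")
        if mode not in FORWARDING_MODES or peer == "none":
            problems.append(f"{name}: receive-only (IDS), nothing is sent out")
        elif peer == name:
            problems.append(f"{name}: copy-iface points at itself")
        elif peer not in merged:
            problems.append(f"{name}: copy-iface {peer} is not a configured interface")
        elif merged[peer].get("copy-iface", "none") != name:
            problems.append(f"{name}: {peer} does not copy back, traffic flows one way")
        elif merged[peer].get("copy-mode", "none") != mode:
            problems.append(f"{name}: copy-mode differs from {peer}")
    return problems


# The interfaces list from the config in the post.
POST_CONFIG = [
    {"interface": "net_vhost0", "copy-iface": "net_vhost1", "copy-mode": "ips"},
    {"interface": "net_vhost1", "copy-iface": "net_vhost0", "copy-mode": "ips"},
    {"interface": "default", "threads": 1},
]
# Constructed broken variant: the second port has no copy settings.
BROKEN_CONFIG = [
    {"interface": "net_vhost0", "copy-iface": "net_vhost1", "copy-mode": "ips"},
    {"interface": "net_vhost1"},
    {"interface": "default", "threads": 1},
]

if __name__ == "__main__":
    for label, cfg in (("post", POST_CONFIG), ("broken", BROKEN_CONFIG)):
        print(label, check_inline_pairs(cfg) or "ok")
```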