Problem configuring af-packet with three interfaces

Hi,

I am trying to configure af-packet: with three interfaces. Say they are
ens3, ens4 and ens5. I am interested in traffic

ens3 <–> ens4
ens3 <–> ens5
(but not between ens 4 & 5)

I tried the configuration (below), but get the error
4/4/2021 -- 11:14:32 - - [ERRCODE: SC_ERR_AFP_CREATE(190)] - Threads number not equals.

No doubt I am misunderstanding something … Any help would be appreciated

Thanks

af-packet:

  - interface: ens3
    threads: 1
    defrag: yes
    cluster-type: cluster_flow
    cluster-id: 98
    copy-mode: ips
    copy-iface: ens4
    buffer-size: 64535
    use-mmap: yes
    tpacket-v2: yes
  - interface: ens4
    threads: 1
    cluster-id: 97
    defrag: yes
    cluster-type: cluster_flow
    copy-mode: ips
    copy-iface: ens3
    buffer-size: 64535
    use-mmap: yes
    tpacket-v2: yes
  - interface: ens3
    threads: 1
    defrag: yes
    cluster-type: cluster_flow
    cluster-id: 96
    copy-mode: ips
    copy-iface: ens5
    buffer-size: 64535
    use-mmap: yes
    tpacket-v2: yes
  - interface: ens5
    threads: 1
    cluster-id: 95
    defrag: yes
    cluster-type: cluster_flow
    copy-mode: ips
    copy-iface: ens3
    buffer-size: 64535
    use-mmap: yes
    tpacket-v2: yes

If you remove the last two interface sections, just for testing, the error doesn’t occur?

As far as we have been able to tell, you can only have one "- interface" entry for each adapter.
Which leads to the question of how to do af-packet in IPS mode with three interfaces.

I thought about it again and the question would be how should Suricata decide for an incoming packet from a new connection on ens3 where to copy it?
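
A pre-flight check for an af-packet section like the one posted above, added here as an example (it is not part of the thread and not Suricata's own validation code). It flags interfaces that appear in more than one entry, the constraint reported in the replies, and copy-iface peers that are missing or whose threads values differ. The thread comparison is an assumption drawn from the wording of the error message; parse_entries and lint are hypothetical helper names.

```python
import re
from collections import Counter

# Constructed sample: the thread's four entries, reduced to the keys checked here.
SAMPLE = """\
af-packet:
  - interface: ens3
    threads: 1
    copy-iface: ens4
  - interface: ens4
    threads: 1
    copy-iface: ens3
  - interface: ens3
    threads: 1
    copy-iface: ens5
  - interface: ens5
    threads: 1
    copy-iface: ens3
"""

def parse_entries(text):
    """Read the flat '- key: value' list; this is not a general YAML parser."""
    entries = []
    for line in text.splitlines():
        m = re.match(r"\s*(-\s+)?([\w-]+):\s*([^\s#]+)\s*(#.*)?$", line)
        if not m:
            continue  # 'af-packet:' itself, blank lines, comments
        if m.group(1) or not entries:  # a leading '- ' opens a new list entry
            entries.append({})
        entries[-1][m.group(2)] = m.group(3)
    return [e for e in entries if "interface" in e]

def lint(entries):
    # Constraint reported in the thread: one entry per interface.
    counts = Counter(e["interface"] for e in entries)
    findings = [f"{n}: defined {c} times" for n, c in sorted(counts.items()) if c > 1]
    # Assumption drawn from the error text: copy-iface peers need equal threads.
    for e in (x for x in entries if "copy-iface" in x):
        peer = e["copy-iface"]
        matches = [p for p in entries if p["interface"] == peer]
        if not matches:
            findings.append(f"{e['interface']}: copy-iface {peer} has no entry")
        for p in matches:
            if p.get("threads") != e.get("threads"):
                findings.append(f"{e['interface']} -> {peer}: threads {e.get('threads')} != {p.get('threads')}")
    return findings

if __name__ == "__main__":
    print("\n".join(lint(parse_entries(SAMPLE))))
```

On the posted layout the only finding is the repeated ens3 entry; the declared threads values already match on every pair.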