Suricata Cannot Drop Packet in Af-packet mode inline IPS - Need Help!

From your ip a output, it looks like both of your network interfaces have IP addresses on different networks. Is this machine also acting as a router/firewall/NAT device? If so, use NFQ IPS, as it looks like these packets may be routed through rather than bridged by Suricata, in which case AF_PACKET IPS cannot help you.

A quick self-test for this is to remove the IP addresses from these interfaces. Does your network still work? If so, AF_PACKET IPS might be for you. If it breaks your network, you probably need NFQ IPS.

When doing AF_PACKET IPS it is not recommended to have IP addresses on the network interfaces that make up the pair of interfaces for the AF_PACKET bridge.
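
The check described in this reply, as an added shell example that is not part of the original post: it reads `ip -o addr show` output for the two interfaces of the pair and combines it with the kernel's IPv4 forwarding flag to suggest NFQ or AF_PACKET IPS. The sample outputs, the interface names eth0/eth1/eth2 and the function names are constructed for illustration, and counting only global-scope addresses is an assumption.

```shell
#!/bin/sh
# Constructed `ip -o addr show` samples (documentation address ranges, not from the thread).
SAMPLE_ROUTED='2: eth0    inet 192.0.2.1/24 brd 192.0.2.255 scope global eth0\       valid_lft forever preferred_lft forever
3: eth1    inet 198.51.100.1/24 brd 198.51.100.255 scope global eth1\       valid_lft forever preferred_lft forever'
SAMPLE_BRIDGE='2: eth0    inet6 fe80::1/64 scope link \       valid_lft forever preferred_lft forever
3: eth1    inet6 fe80::2/64 scope link \       valid_lft forever preferred_lft forever
4: eth2    inet 203.0.113.10/24 brd 203.0.113.255 scope global eth2\       valid_lft forever preferred_lft forever'

# has_global_addr IFACE IP_OUTPUT: succeeds if IFACE carries a global-scope address.
# Assumption: link-local addresses are ignored, only "scope global" counts.
has_global_addr() {
    printf '%s\n' "$2" | awk -v ifc="$1" '
        $2 == ifc && ($3 == "inet" || $3 == "inet6") {
            for (i = 4; i < NF; i++)
                if ($i == "scope" && $(i + 1) == "global") found = 1
        }
        END { exit (found ? 0 : 1) }'
}

# ips_mode_hint IFACE_A IFACE_B IP_FORWARD IP_OUTPUT: prints nfq, af-packet or review.
ips_mode_hint() {
    a=1; b=1
    has_global_addr "$1" "$4" || a=0
    has_global_addr "$2" "$4" || b=0
    if [ "$a" -eq 1 ] && [ "$b" -eq 1 ] && [ "$3" = "1" ]; then
        echo nfq        # both sides addressed and forwarding on: traffic is routed
    elif [ "$a" -eq 0 ] && [ "$b" -eq 0 ]; then
        echo af-packet  # no addresses on the pair: Suricata can bridge it
    else
        echo review     # addresses present on the pair: remove them or use NFQ
    fi
}

# On a live host:
#   ips_mode_hint eth0 eth1 "$(cat /proc/sys/net/ipv4/ip_forward)" "$(ip -o addr show)"
echo "routed sample:  $(ips_mode_hint eth0 eth1 1 "$SAMPLE_ROUTED")"
echo "bridged sample: $(ips_mode_hint eth0 eth1 1 "$SAMPLE_BRIDGE")"
```

In the bridged sample the management address sits on a third interface (eth2), which keeps the host reachable without putting an address on either member of the pair.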