Suricata cannot parse HTTP traffic correctly
I use the command:
sudo suricata -vvv -c /etc/suricata/suricata.yaml -i eth0
and set this Lua script:
function init (args)
    local needs = {}
    --needs["type"] = "flow"
    needs["protocol"] = "http"   -- register this output script for HTTP transactions
    return needs
end

function setup (args)
    SCLogInfo("test ")
end

function log()
    local http_table = {}
    local ti = {
        tags = {}
    }
    SCLogInfo("stream")
    -- http_hostname & http_url
    local http_url = HttpGetRequestUriNormalized()
    http_table["headers"] = HttpGetRawRequestHeaders()
    -- the Http* accessors return nil when the transaction has no such data;
    -- SCLogInfo() expects a string, so log a marker instead of nil
    SCLogInfo(http_table["headers"] or "no request headers")
    SCLogInfo(http_url or "no request uri")
    --SCLogInfo(HttpGetRequestBody())
end

function deinit (args)
    SCLogInfo("test")
end
I cannot get HTTP information from mirrored traffic.
If I send the packets locally, I can get the HTTP information; tcpdump captures the packets and Wireshark can see the HTTP traffic.