The test is:
I use Burp Suite to send 100 packets to Suricata, but Suricata only outputs about 70 packets.
Env:
OS: RHEL 8.2
Suricata version: 6.0.4
The kernel drop is lower than 1/10000.
Thanks for understanding my question. I want to know the reason and how to fix it.
Is upgrading to Version 6.0.6 useful?
Thanks a lot.
Upgrading is most of the time very useful since it contains bug and security fixes.
What does your setup look like: config, run command, etc.?
May I have your email address? I’ll email you if I can. Thanks a lot.
Please post it here so others benefit, and strip confidential parts out.
suricata.yaml:
suricata.yaml (71.2 KB)
configure:
./configure --enable-non-bundled --enable-pfring --with-libhtp-includes=/usr/local/include/htp --with-libhtp-libraries=/usr/local/lib --prefix=/home/suricata/usr/ --sysconfdir=/home/suricata/etc/ --localstatedir=/home/suricata/var/
run:
/home/suricata/usr/bin/suricata -c /home/suricata/etc/suricata.yaml -l /data/suricata/var/ -vvv --pfring=p3p1 --pfring-cluster-id 96 --runmode workers -D
Please take a look. Thanks.
Can you try it with af_packet mode instead of pf_ring just for comparison if it’s related to the capture method?
Also the suricata.log and stats.log would be helpful.