Bug #5871: ips/af-packet: doesn't work between 2 virtio devices - Suricata - Open Information Security Foundation

Actions

Copy link

Bug #5871

open

ips/af-packet: doesn't work between 2 virtio devices

Added by Jason Ish over 1 year ago. Updated over 1 year ago.

Status:

New

Priority:

Normal

Assignee:

OISF Dev

Target version:

TBD

Affected Versions:

6.0.10, 7.0.0-rc1

Effort:

Difficulty:

Label:

Description

The scenario is a libvirt VM with 2 network interfaces using virtio and using Suricata to bridge between them. Things like ping work, but DNS doesn't. Changing the interfaces to e1000 in virt-manager allows the Suricata to bridge to work.

As the stock Linux bridge works between 2 virtio interfaces, Suricata likely should as well.

History
Notes

Actions

Copy link

Updated by Jason Ish over 1 year ago

So a known issue, from our forums at least: https://forum.suricata.io/t/ip-packet-handling-issues-in-virtio-net-on-certain-os-kernel-versions-on-kvm-vm/2688

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

Suricata

Custom queries

Bug #5871

ips/af-packet: doesn't work between 2 virtio devices

Updated by Jason Ish over 1 year ago