[Bug 236219] netmap bug pf set prio
bugzilla-noreply at freebsd.org
Fri Mar 8 14:08:52 UTC 2019
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=236219
--- Comment #5 from Vincenzo Maffione <vmaffione at FreeBSD.org> ---
Is suricata using netmap over a VLAN interface (rather than a physical
interface)?

In that case you are going through the "emulated netmap adapter", which is a
way to use netmap (at reduced performance, and with some functional limitations)
over any Ethernet interface. In other words, VLAN interfaces do not (and
cannot) have native netmap support (e.g. like ixl, ixgbe, em, vtnet, vmx, etc).
This may explain what you see, since in emulated mode you are still partially
using the network stack.

Or maybe your suricata is configured to forward packets between the physical
interface and its host rings (e.g. between "igb" and "igb+"), which means that
packets actually pass through the FreeBSD network stack, and therefore through
pf.

In any case netmap does not touch the packets in any way, and does not call
into any firewall or similar packet processing element.