Date: Fri, 08 Mar 2019 14:08:49 +0000 From: bugzilla-noreply@freebsd.org To: net@FreeBSD.org Subject: [Bug 236219] netmap bug pf set prio Message-ID: <bug-236219-7501-YQc6rEEpq0@https.bugs.freebsd.org/bugzilla/> In-Reply-To: <bug-236219-7501@https.bugs.freebsd.org/bugzilla/>
index | next in thread | previous in thread | raw e-mail
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=236219 --- Comment #5 from Vincenzo Maffione <vmaffione@FreeBSD.org> --- Is suricata using netmap over a VLAN interface (rather than a physical interface)? In that case you are going through the "emulated netmap adapter", which is a way to use netmap (at reduced performance, and with some functional limitation) over any Ethernet interface. In other words, VLAN interfaces do not (and cannot) have native netmap support (e.g. like ixl, ixgbe, em, vtnet, vmx, etc). This may explain what you see, since in emulated mode you are still partially using the network stack. Or maybe your suricata is configured to forward packets between the physical interface and its host rings (e.g. between "igb" and "igb+"), which means that packets actually pass through the FreeBSD network stack, and therefore through pf. In any case netmap does not touch the packets in any way, and does not call into any firewall or similar packet processing element. -- You are receiving this mail because: You are the assignee for the bug.home | help
Want to link to this message? Use this
URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-236219-7501-YQc6rEEpq0>