https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=236219
--- Comment #5 from Vincenzo Maffione <vmaffi...@freebsd.org> ---

Is suricata using netmap over a VLAN interface (rather than a physical interface)? In that case you are going through the "emulated netmap adapter", which is a way to use netmap (at reduced performance, and with some functional limitation) over any Ethernet interface. In other words, VLAN interfaces do not (and cannot) have native netmap support (e.g. like ixl, ixgbe, em, vtnet, vmx, etc). This may explain what you see, since in emulated mode you are still partially using the network stack.

Or maybe your suricata is configured to forward packets between the physical interface and its host rings (e.g. between "igb" and "igb+"), which means that packets actually pass through the FreeBSD network stack, and therefore through pf.

In any case netmap does not touch the packets in any way, and does not call into any firewall or similar packet processing element.