Suricata

Hi,

After upgrading from 3.0.1 to 3.1.1 (EL-7) we are getting the following errors when running Suricata in PCAP mode. When we specify the listening interface via the command line (as shown below) the engine starts just fine (Command and logs output provided below).

# suricata --pcap=eth0 -c /etc/suricata/suricata.yaml

(/var/log/suricata/suricata.log)

29/7/2016 -- 12:58:32 - <Warning> - [ERRCODE: SC_ERR_NIC_OFFLOADING(284)] - NIC offloading on eth0: RX SET TX SET. Run: ethtool -K eth0 rx off tx off
29/7/2016 -- 12:58:32 - <Warning> - [ERRCODE: SC_ERR_NIC_OFFLOADING(284)] - NIC offloading on eth0: SG: SET,  GRO: SET, LRO: unset, TSO: SET, GSO: SET. Run: ethtool -K eth0 sg off gro off lro off tso off gso off
29/7/2016 -- 12:58:32 - <Notice> - all 4 packet processing threads, 2 management threads initialized, engine started. 

When not specifying the interface in the command and letting Suricata pick it up from the config file the following happens:

# suricata --pcap -c /etc/suricata/suricata.yaml

(/var/log/suricata/suricata.log)
29/7/2016 -- 12:59:32 - <Error> - [ERRCODE: SC_ERR_PCAP_ACTIVATE_HANDLE(27)] - Couldn't activate the pcap handler, error SIOCGIFHWADDR: No such device
29/7/2016 -- 12:59:32 - <Warning> - [ERRCODE: SC_ERR_NIC_OFFLOADING(284)] - NIC offloading on eth0: RX SET TX SET. Run: ethtool -K eth0 rx off tx off
29/7/2016 -- 12:59:32 - <Warning> - [ERRCODE: SC_ERR_NIC_OFFLOADING(284)] - NIC offloading on eth0: SG: SET,  GRO: SET, LRO: unset, TSO: SET, GSO: SET. Run: ethtool -K eth0 sg off gro off lro off tso off gso off
29/7/2016 -- 12:59:32 - <Error> - [ERRCODE: SC_ERR_THREAD_INIT(49)] - thread "RX#01-" closed on initialization.
29/7/2016 -- 12:59:32 - <Error> - [ERRCODE: SC_ERR_INITIALIZATION(45)] - Engine initialization failed, aborting...

This is what we have in our config file.

pcap:
  - interface: eth0

In the previous version it just worked even when we run Suricata as a service.

We tested on both CentOS 7 and Ubuntu server 16.04 with same results.

Thanks in advance.