Bug #7179
openCapture Kernel Drops happen when data transferring inside the intranet
Description
Mode : IDS with af-packet
Suricata : 7.0.6 and below with hyperscan
OS : Debian 12.x
Capture Kernel Drops only happens when data transferring between machines inside the intranet.
Updated by Victor Julien 4 months ago
There is no detail in this report. Why do you believe there is a bug?
Updated by Victor Julien 4 months ago
How much data? What protocols? How many flows? Please include such detail in your report.
Updated by Samiux A 4 months ago
I have a NextCloud machine in the network. When I paste a file (size 7.6MB) to the NextCloud directory via Linux file manager, there is no kernel drop observed. However, when I paste a file (size 7.9MB) to the NextCloud directory via Linux file manager, there is a 3 to 4 kernel drop observed. If I paste a file large than 10MB or above, the large number of kernel drop can be observed according the file size.
When the file size is below 7.6MB, there is no kernel drop observed.
Meanwhile, I do not use DAV or HTTP protocol (and not HTTPS) to paste the file to NextCloud, I think it is TCP protocol.
The network is connected with 1000Mbps network interface cards.