Feature #6012
Updated by Lukas Sismis about 1 year ago
Suricata currently cannot support segmented (chained) chained mbufs. This is not a problem when Suricata runs as a primary application. However, this issue may arise, when Suricata runs as a secondary process and receives packets from an application (running as a primary process). In this case, Suricata cannot affect how the received mbufs are structured and therefore should be able to handle chained mbufs. Running Suricata as a secondary process does not imply segmented mbufs. These can be totally avoided if the primary application is configured correctly (mbuf size large enough to contain packets as large as MTU + extra headroom space).