Hans Vermeer wrote in #note-3: > We've managed to do this successfully, however, the plugin loading has a dlopen, patching this out (Its sadly not a configuration option) gave a fully static build of suricata. > ... Thank you so much!!...QianKai Lin
I tried to build it in alpine linux 3.21 but when I compiled it with hyperscan, it will produce a problem, i don't know how to fix, this is my steps. h2. Build stepsQianKai Lin
h1. Problem When I use AF_PACKET to capture packets, I used tcpreplay to send packet from pcap file. I found sometimes it never output the flow log until stopping the program when using multi flow manager, and it results in memory lea...QianKai Lin
Victor Julien wrote in #note-2: > Does the traffic come from a real interface? If so, then the various offloads need to be disabled on that interface as well. No, the traffic come from local process.QianKai Lin
h1. Problem I used af-packet to capture packets from docker interface and set bpf filter to ignore traffic. I found `stats`'s decoder.invalid was increasing. h1. Configuration h2. docker0's offload Features for docker0: rx-...QianKai Lin
*Problem* I used af-packet to capture packets from docker interface and set bpf filter to ignore traffic. I found `stats`'s decoder.invalid was increasing. *Configuration* *docker0's offload*QianKai Lin