@xxxx - I got x86 hardware based on Intel N95 CPU and want to revisit this.
eth0 = LAN
eth1 = WAN
I compiled in kmod-nfnetlink-queue and kmod-nft-queue
What is the setting I need to tweak with ethtool?
# ethtool -k eth1 | grep receive-offload
generic-receive-offload: on
large-receive-offload: off [fixed]
I ran your script from post#36.
Then I ran:
snort -c "/etc/snort/snort.lua" -i "4" -i "5" -i "6" -i "7" --daq-dir /usr/lib/daq --daq nfq -Q -z 4 -s 65531 --daq-var queue_maxlen=8192 --daq-var device=eth1
I am getting my full download bandwidth of around 650-700 Mbps. The CPU is a quad core and one of them hits >99% during the download test (other 3 are 30-40%).
So this is a win!
Next question is how to adjust the snort3 package config files to mimic this without the command line.