Pakon-Suricata - high CPU

I copied a large file from my notebook to Omnia over Samba share and realized that the transfer speed was really low. When I looked at the processes suricata was utilizing the CPU quite heavily. When I paused the file transfer the CPU utilization went down and similarly when I resumed the file transfer it went up - see the screenshot.

With suricata running Total Commander shows the copy speed ~20.000 kbytes/s over ethernet. When I stopped it and tried to copy the same file the speed was ~65.000 kbytes/s - so 3x higher without suricata running …

I know Pakon is in experimental mode but the implication to samba should definitely be looked into.

Hello,
thanks for reporting that.

We’ll look into it. We did a lot of work improving performance of Suricata on Turris/Omia, but it’s a complicated thing and there are still things to look into…

Ok, I think I pinned this one down.

In case of traffic destined for the router, Suricata bypass was not working correctly. I just pushed a fix for that, however, it probably won’t make it to 3.9.1 release. It will probably be released sometime after Christmas, I can’t promise when exactly.

If you want to test that fix now, you can run the following command:

curl https://gitlab.labs.nic.cz/turris/turris-os-packages/raw/59ed624add447e9d3021e9c7f4ec1f644bd6da33/net/suricata/files/suricata.init > suricata.init && mv suricata.init /etc/init.d/suricata && chmod +x /etc/init.d/suricata

and then reboot your router.

Please let me know, if that solved your problem.

it helped - now the copy speed is significantly higher - over 60.000 kbytes/s and samba seems to be the bottleneck. The suricata process used between 4 and 6% CPU. So it looks really good now.

thanks for quick fix, it helped.

The fix will be released in 3.9.2, so the testing-workaround mentioned above soon shouldn’t be needed.