Performance degradation: Suricata activated after update to Turris OS 3.8

Hello,

It looks like the update to Turris OS 3.8 turned on Suricata on my system.
I was experiencing a major performance impact accessing the internet. I have a script running in an LXC container which checks the internet upload and download speed every hour. Instead of 200MBit/s my system only achieved 3MBit/s.
Tests inside my network using iperf3 also showed that my Turris router was not performing like it should:
iperf3 -c 192.168.178.21 -P 4
[SUM] 0.00-10.00 sec 228 MBytes 191 Mbits/sec receiver

I then shut down Suricata and disabled it from restarting on system startup, which brought me back to normal:
[SUM] 0.00-10.03 sec 1.07 GBytes 913 Mbits/sec receiver

Also the Internet access is snappy again.

Has anyone else experienced the activation of Suricata after the update to Turris OS 3.8?

Basil

On Turris 1.0 I did not have Suricata installed before, and it was not installed after 3.8 either.

Hello!
Suricata probably got installed if you previously selected the experimental Device Detection userlist in the Updater tab. It is supposed to be the base of the parental control feature in the future, and Device Detection is mostly intended as Suricata’s testbed.

Suricata does some heavy processing of traffic and under certain conditions it might slow down the traffic; however, we’ve done a lot of performance tweaks to prevent that.

We spent a lot of time testing it, both on Omnia and old Turris (and did it again just now), and we didn’t notice any substantial performance degradation caused by Suricata.

But I agree it might be the reason (that’s why this list is marked as experimental after all). If you want to try, you can remove Suricata just by unselecting Device Detection in the Updater tab.

Please let us know if removing Suricata fixed your problem.

Thank you.

Hello,

I was not aware that the Device Detection triggered Suricata to be installed …

I have now disabled Device Detection and this triggered Suricata to be removed:
• Removed package pakon-dev-detect
• Removed package suricata

Accessing an official iperf3 server now shows the expected download speed (200MBit):
root@turris:~# iperf3 -c iperf.volia.net -R
Connecting to host iperf.volia.net, port 5201
[ ID] Interval Transfer Bandwidth Retr
[ 4] 0.00-10.00 sec 230 MBytes 193 Mbits/sec 6 sender

So one iperf3 client stream can saturate the cable connection.

But for uploads I only see 3MBit instead of the expected 12MBit - even if I use 10 parallel client streams.
With Turris OS 3.7 I was able to see 12MBit with the same test ;-(
SCM is disabled …

Do you know if there is another change in Turris OS 3.8 which can impact the upload speed?

Thanks Basil

P.S.: If you want I can rerun the Device Detection if you want to debug something …