Differences

This shows you the differences between two versions of the page.

--- pfsense:suricata:alerts:suricata_udpv4_invalid_checksum [2020/02/28 20:59] – peter
+++ pfsense:suricata:alerts:suricata_udpv4_invalid_checksum [2021/01/14 17:17] (current) – peter
@@ Line 1: / Line 1: @@
 ====== PFSense - Suricata - Alerts - SURICATA UDPv4 invalid checksum ======
-Disable Hardware Checksum Offloading under **SYSTEM > ADVANCED >> NETWORKING**.
+Disable Hardware Checksum Offloading under **System -> Advanced -> Networking**.
 ----
-Try toggling the Hardware Checksum Offloading feature under **SYSTEM > ADVANCED >> NETWORKING**.
+===== Suppress =====
-If that does not do it, you can simply disable that particular rule by either clicking the red X icon on the **Alerts** tab in the GID/SID column, or you can find and selectively disable that rule on the **Rules** tab for the interface.
+<code>
+#SURICATA UDPv4 invalid checksum
+suppress gen_id 1, sig_id 2200075
+</code>
-See this thread from the official Suricata documentation Wiki for details:  http://suricata.readthedocs.io/en/latest/performance/packet-capture.html, but the short answer is you want hardware checksum offloading disabled as well as LRO (it is already off by default in pfSense).
+----
+<WRAP info>
+**NOTE:**  Try toggling the **Hardware Checksum Offloading**.
+If that does not do it, you can simply disable this particular rule by either clicking the red X icon on the **Alerts** tab in the GID/SID column, or you can find and selectively disable that rule on the **Rules** tab for the interface.
+See this thread from the official Suricata documentation Wiki for details:
+  * http://suricata.readthedocs.io/en/latest/performance/packet-capture.html.
 Suricata uses PCAP for packet capture during Legacy Blocking Mode operation, and Netmap for Inline IPS Mode operation.
 In both cases, hardware checksum offloading needs to be disabled.
+</WRAP>