Hello everyone.
I've encountered the fabulous packet flow diagram at https://forum.opnsense.org/index.php?topic=36326.0 (https://forum.opnsense.org/index.php?topic=36326.0). (It's so good that it gives me goosebumps.) One thing in the diagram confuses me quite a bit. Whenever that happens I usually learn something new. :)
The diagram depicts that Suricata processes ingress traffic before pf scrubs. How does Suricata manage that before potentially fragmented packets are reassembled?
The placement of Suricata before pf scrubbing in the packet flow diagram may seem counterintuitive at first, especially considering potential fragmentation issues. However, Suricata's ability to process traffic before pf scrubbing is based on its integration with libpcap and its packet processing capabilities.