metal-stack / firewall-controller

A Kubernetes controller running on bare-metal firewalls that creates nftables rules, configures Suricata and collects network metrics
MIT License

suricata does not work anymore on debian #46

Closed majst01 closed 4 years ago

majst01 commented 4 years ago

root@shoot--phjjbm--s3-test-01-firewall-6049b:/var/log/suricata# tail -f suricata.log 
14/8/2020 -- 16:07:33 - <Info> - 1 rule files processed. 24330 rules successfully loaded, 0 rules failed
14/8/2020 -- 16:07:33 - <Info> - Threshold config parsed: 0 rule(s) found
14/8/2020 -- 16:07:33 - <Info> - 24333 signatures processed. 1150 are IP-only rules, 3993 are inspecting packet payload, 18961 inspect application layer, 103 are decoder event only
14/8/2020 -- 16:07:46 - <Info> - Going to use 32 thread(s)
14/8/2020 -- 16:07:46 - <Info> - Using unix socket file '/run/suricata-command.socket'
14/8/2020 -- 16:07:46 - <Notice> - all 32 packet processing threads, 4 management threads initialized, engine started.
14/8/2020 -- 16:07:46 - <Error> - [ERRCODE: SC_ERR_INVALID_VALUE(130)] - Frame size bigger than block size
14/8/2020 -- 16:07:46 - <Info> - Ring parameter are incorrect. Please correct the devel
14/8/2020 -- 16:07:46 - <Error> - [ERRCODE: SC_ERR_AFP_CREATE(190)] - Couldn't init AF_PACKET socket, fatal error
14/8/2020 -- 16:07:46 - <Error> - [ERRCODE: SC_ERR_FATAL(171)] - thread W#01-vrf104009 failed
14/8/2020 -- 16:08:46 - <Notice> - This is Suricata version 5.0.3 RELEASE running in SYSTEM mode
14/8/2020 -- 16:08:46 - <Info> - CPUs/cores online: 32
14/8/2020 -- 16:08:47 - <Info> - Found an MTU of 65536 for 'vrf104009'
14/8/2020 -- 16:08:47 - <Info> - Found an MTU of 65536 for 'vrf104009'
14/8/2020 -- 16:08:47 - <Info> - fast output device (regular) initialized: fast.log
14/8/2020 -- 16:08:47 - <Info> - eve-log output device (regular) initialized: eve.json
14/8/2020 -- 16:08:47 - <Info> - stats output device (regular) initialized: stats.log
14/8/2020 -- 16:08:51 - <Info> - 1 rule files processed. 24330 rules successfully loaded, 0 rules failed
14/8/2020 -- 16:08:51 - <Info> - Threshold config parsed: 0 rule(s) found
14/8/2020 -- 16:08:51 - <Info> - 24333 signatures processed. 1150 are IP-only rules, 3993 are inspecting packet payload, 18961 inspect application layer, 103 are decoder event only
14/8/2020 -- 16:09:04 - <Info> - Going to use 32 thread(s)
14/8/2020 -- 16:09:04 - <Info> - Using unix socket file '/run/suricata-command.socket'
14/8/2020 -- 16:09:04 - <Notice> - all 32 packet processing threads, 4 management threads initialized, engine started.
14/8/2020 -- 16:09:04 - <Error> - [ERRCODE: SC_ERR_INVALID_VALUE(130)] - Frame size bigger than block size
14/8/2020 -- 16:09:04 - <Info> - Ring parameter are incorrect. Please correct the devel
14/8/2020 -- 16:09:04 - <Error> - [ERRCODE: SC_ERR_AFP_CREATE(190)] - Couldn't init AF_PACKET socket, fatal error
14/8/2020 -- 16:09:04 - <Error> - [ERRCODE: SC_ERR_FATAL(171)] - thread W#01-vrf104009 failed
^C
root@shoot--phjjbm--s3-test-01-firewall-6049b:/var/log/suricata# ps aux | grep suri
root       10163  0.0  0.0   3120   664 pts/0    S+   16:09   0:00 grep suri
root@shoot--phjjbm--s3-test-01-firewall-6049b:/var/log/suricata# systemctl status suricata
● suricata.service - Suricata Intrusion Detection Service
     Loaded: loaded (/etc/systemd/system/suricata.service; enabled; vendor preset: enabled)
     Active: activating (auto-restart) (Result: exit-code) since Fri 2020-08-14 16:09:04 CEST; 52s ago
    Process: 10096 ExecStartPre=/bin/rm -f $PIDFILE (code=exited, status=0/SUCCESS)
    Process: 10097 ExecStart=/usr/bin/suricata -c $SURCONF --pidfile $PIDFILE -i $IFACE (code=exited, status=1/FAILURE)
   Main PID: 10097 (code=exited, status=1/FAILURE)

related suricata issue:

https://redmine.openinfosecfoundation.org/issues/1474

majst01 commented 4 years ago

Changing the interface from vrf104009 to vlan104009 in /etc/default/suricata and /etc/suricata/suricata.yaml solves this problem.
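
The failing step in the log is a size check in Suricata's AF_PACKET (tpacket_v3) setup: one captured frame, roughly the interface MTU plus per-packet header metadata, has to fit into one ring block, and the block-size in the af-packet section of suricata.yaml defaults to 32768. A VRF device reporting an MTU of 65536 therefore cannot work with the default block-size, while a VLAN device with an ordinary MTU does; raising block-size is the other way out. The pre-flight check below is an added example, not code from firewall-controller or Suricata: the 256-byte per-frame overhead is an assumption used only to make the check conservative, not Suricata's exact internal formula, and the MTU is read from /sys/class/net/<iface>/mtu.

```shell
#!/bin/sh
# Pre-flight check before (re)starting Suricata in af-packet mode:
# does a frame for this interface's MTU fit in the configured block-size?
# Constants below are assumptions for the check, not Suricata internals.
set -u

DEFAULT_BLOCK_SIZE=32768   # suricata.yaml af-packet default
FRAME_OVERHEAD=256         # assumed: tpacket3 header, sockaddr_ll, alignment

# Return 0 if a frame for MTU $1 fits into a block of size $2.
afp_frame_fits() {
    mtu=$1; block=$2
    frame=$((mtu + FRAME_OVERHEAD))
    [ "$frame" -le "$block" ]
}

# Smallest block size (default doubled as needed) that holds a frame for MTU $1.
afp_min_block_size() {
    mtu=$1
    block=$DEFAULT_BLOCK_SIZE
    while ! afp_frame_fits "$mtu" "$block"; do
        block=$((block * 2))
    done
    echo "$block"
}

# First block-size value found in a suricata.yaml, or the default if unset.
yaml_block_size() {
    file=$1
    v=$(sed -n 's/^[[:space:]]*block-size:[[:space:]]*\([0-9]*\).*/\1/p' "$file" | head -n 1)
    echo "${v:-$DEFAULT_BLOCK_SIZE}"
}

# Kernel-reported MTU of a network device.
iface_mtu() {
    cat "/sys/class/net/$1/mtu"
}

# Compare a live interface against a config file; exit 1 if Suricata would
# fail with "Frame size bigger than block size", exit 2 if the device is missing.
check_iface() {
    iface=$1; conf=$2
    mtu=$(iface_mtu "$iface") || return 2
    block=$(yaml_block_size "$conf")
    if afp_frame_fits "$mtu" "$block"; then
        echo "$iface: MTU $mtu fits af-packet block-size $block"
    else
        echo "$iface: MTU $mtu does not fit block-size $block;" \
             "set block-size >= $(afp_min_block_size "$mtu") or capture on a lower-MTU device (e.g. the vlan interface)" >&2
        return 1
    fi
}

# Usage on the firewall: check_iface vrf104009 /etc/suricata/suricata.yaml
if [ -n "${1:-}" ]; then
    check_iface "$1" "${2:-/etc/suricata/suricata.yaml}"
fi
```

Running this against vrf104009 (MTU 65536) with the default block-size reports the mismatch and the smallest block-size that would fit; against the VLAN device with a normal MTU it passes, which matches the workaround of pointing IFACE and the af-packet interface at vlan104009 instead. Suricata's own requirement is that block-size be a multiple of the page size, which the doubling scheme preserves.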

mwennrich commented 4 years ago

Same problem on Ubuntu.

majst01 commented 4 years ago

networker is tagged; now a PR to introduce this into the images is required.