Home
Help
Search
Login
Register
OPNsense Forum
»
Archive
»
16.7 Legacy Series
»
so ids is periodically dying with a core dump
« previous
next »
Print
Pages: [
1
]
Author
Topic: so ids is periodically dying with a core dump (Read 1349 times)
nrf
Newbie
Posts: 12
Karma: 0
so ids is periodically dying with a core dump
«
on:
August 01, 2016, 03:32:47 pm »
anyone following this? seems I bumped up to 16.7 too soon, should have let others soak it
Logged
RabidWolf9
Newbie
Posts: 6
Karma: 1
Re: so ids is periodically dying with a core dump
«
Reply #1 on:
August 01, 2016, 06:37:31 pm »
IDS / IPS currently are not working with 16.7, must be disabled till new patch.
Logged
franco
Administrator
Hero Member
Posts: 7860
Karma: 523
Re: so ids is periodically dying with a core dump
«
Reply #2 on:
August 02, 2016, 07:37:16 am »
Try reverting to Suricata 3.0.2 to see if that helps:
https://forum.opnsense.org/index.php?topic=3433.0
Are you using IPS?
We've identified a bug in the kernel code that shall be addressed in 16.7.1 this week.
Cheers,
Franco
Logged
Sundial
Newbie
Posts: 19
Karma: 3
Re: so ids is periodically dying with a core dump
«
Reply #3 on:
August 02, 2016, 03:13:07 pm »
Just for my information, is this a kernel bug in FreeBSD itself or just related to a modification by OPNSense? Thanks.
Logged
franco
Administrator
Hero Member
Posts: 7860
Karma: 523
Re: so ids is periodically dying with a core dump
«
Reply #4 on:
August 02, 2016, 04:46:58 pm »
This is solely about the em(4) driver in conjunction with netmap(4) in FreeBSD. There was a batch MFC for FreeBSD 10.3 that is not in FreeBSD 10.2, namely:
https://svnweb.freebsd.org/base?view=revision&revision=294958
This was further bisected and led to:
https://svnweb.freebsd.org/base?view=revision&revision=293331
Then Ad found out this is related to the extended descriptor change and it is going to be reverted for 16.7.1:
https://github.com/opnsense/src/commit/11586afbb7ae47026ec490c2cf5c7d08111e88db
It's still not perfect and we'll keep digging to get to the bottom of this. The patch restores packet flow under netmap(4) for some chipsets and is generally more stable, although it's still not where it was as with 10.2.
For now we must say this also affects FreeBSD 11, though a small fix has already made it upstream which at least prevents total packet loss with netmap(4) in some scenarios:
https://svnweb.freebsd.org/base?view=revision&revision=303638
Cheers,
Franco
Logged
Sundial
Newbie
Posts: 19
Karma: 3
Re: so ids is periodically dying with a core dump
«
Reply #5 on:
August 02, 2016, 04:59:46 pm »
Thanks for the detailed info. That really seems like quite the subtle little problem to find. Good work figuring that out so quickly!
Is your assessment then that we should be OK with IDS on if not using the affected Intel network adapter? For example, most of my boxes (unfortunately) have Realtek adapters.
Logged
franco
Administrator
Hero Member
Posts: 7860
Karma: 523
Re: so ids is periodically dying with a core dump
«
Reply #6 on:
August 02, 2016, 05:06:43 pm »
Realtek re(4) is another story of instability with netmap(4). The consensus here is that it shouldn't be used. There are some threads about it.
IDS mode itself is fine on all adapters / drivers.
Logged
Sundial
Newbie
Posts: 19
Karma: 3
Re: so ids is periodically dying with a core dump
«
Reply #7 on:
August 02, 2016, 05:13:56 pm »
Thank you for the info. I actually meant IPS in my previous post, but I'll stay away from that until the issues get resolved. Thanks again for being on top of this.
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
Archive
»
16.7 Legacy Series
»
so ids is periodically dying with a core dump
