Hi, when my PPPoE goes down, Suricata's CPU goes to 100% and I must reboot the service manually. Why?
This is the error:
uricata: [100928] <Error> -- [ERRCODE: SC_ERR_NETMAP_READ(264)] - Error reading data from iface 'pppoe0': (55u) No buffer space available
Any news on this problem?
Is it possible to create a schedule to reboot the service automatically?
Do you use promisc mode? Or maybe set the parent interface and not pppoe itself.
Solved by creating a script.
https://forum.netgate.com/topic/64563/pfsense-auto-reboot-script-when-google-is-unreachable
I have modified something:
#!/bin/bash
#
# put -xv after bash to debug
#
HOSTS="www.google.com"
COUNT=10
echo "----------------------"
#debug
echo "Host to Ping -----> " $HOSTS
echo "----------------------"
echo "Ping to do -----> " $COUNT
echo "----------------------"
######
for myHost in $HOSTS
do
    # number of replies received, taken from ping's summary line
    counting=$(ping -c $COUNT $myHost | grep 'received' | awk -F',' '{ print $2 }' | awk '{ print $1 }')
    #debug
    echo "Ping replied -----> " $counting
    ######
    # -gt compares numbers; ">" inside [ ] is a redirection and is always true.
    # ${counting:-0} treats "no ping output" as zero replies.
    if [ "${counting:-0}" -gt 5 ]; then
        echo "----------------------"
        echo "Ping Host OK ----->" $HOSTS
        echo "----------------------"
    else
        echo "Reboot Suricata WAN DOWN!"
        echo "STOP Suricata Service"
        sleep 3
        sudo service suricata stop
        echo "Wait 15 seconds"
        sleep 15
        echo "Reset ALL state"
        sleep 3
        sudo pfctl -F state
        echo "Wait 10 seconds"
        sleep 10
        echo "START Suricata Service"
        sleep 3
        sudo service suricata start
    fi
done
After that, create a new crontab entry that executes the script every minute to check www.google.com: if the ping is OK it does nothing, if the ping goes down it reboots the service.
This could also be done more simply with Monit instead of a script, you could set your test on cpu utilization and action to restart the suricata service. Doesn't solve the root cause of the cpu usage though.
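A variation on the watchdog discussed in this thread, as an added example that is not from any of the posters: instead of pinging an external host or watching CPU, it counts the SC_ERR_NETMAP_READ errors for the interface in the Suricata log since the last engine start. The log path, the threshold of 3 and the "engine started" start marker are assumptions, and the sample log lines are constructed.

```sh
#!/bin/sh
# Added example, not the poster's script. Sample log lines are constructed,
# modelled on the error quoted in the thread.

# Count SC_ERR_NETMAP_READ lines for interface $1 on stdin, ignoring anything
# logged before the most recent "engine started" line (assumed start marker),
# so errors from before the last restart do not trigger another one.
count_netmap_errors() {
    awk -v i="iface '$1'" '
        /engine started/ { n = 0 }
        index($0, "SC_ERR_NETMAP_READ") && index($0, i) { n++ }
        END { print n + 0 }'
}

# Succeed (exit 0) when interface $1 has at least $2 such errors on stdin.
needs_restart() {
    n=$(count_netmap_errors "$1")
    [ "$n" -ge "$2" ]
}

# Same stop/start sequence as the script in the thread; run as root from cron.
restart_suricata() {
    service suricata stop
    sleep 15
    service suricata start
}

# Constructed sample input: two old errors, a restart, then new errors.
sample_log() {
    cat <<'EOF'
suricata: [100928] <Error> -- [ERRCODE: SC_ERR_NETMAP_READ(264)] - Error reading data from iface 'pppoe0': (55u) No buffer space available
suricata: [100928] <Error> -- [ERRCODE: SC_ERR_NETMAP_READ(264)] - Error reading data from iface 'pppoe0': (55u) No buffer space available
suricata: [100101] <Notice> -- all 2 packet processing threads, 4 management threads initialized, engine started.
suricata: [100102] <Error> -- [ERRCODE: SC_ERR_NETMAP_READ(264)] - Error reading data from iface 'pppoe0': (55u) No buffer space available
suricata: [100103] <Error> -- [ERRCODE: SC_ERR_NETMAP_READ(264)] - Error reading data from iface 'em0': (55u) No buffer space available
suricata: [100102] <Error> -- [ERRCODE: SC_ERR_NETMAP_READ(264)] - Error reading data from iface 'pppoe0': (55u) No buffer space available
suricata: [100102] <Error> -- [ERRCODE: SC_ERR_NETMAP_READ(264)] - Error reading data from iface 'pppoe0': (55u) No buffer space available
EOF
}

# Demo on the sample only; nothing is restarted here.
if sample_log | needs_restart pppoe0 3; then
    echo "pppoe0: restart needed"
else
    echo "pppoe0: healthy"
fi
# Real use (log path is an assumption):
#   tail -n 500 /var/log/suricata/suricata.log | needs_restart pppoe0 3 && restart_suricata
```

Like the ping script and the Monit suggestion, this only automates the restart; it does not address why the netmap read fails when the PPPoE link drops.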