Hi, I've checked the 'docs' and searched here for an answers before posting, without success.
I'm assessing OPNsense to move my small business firewall requirements to, I evaluated 21.7 a few weeks ago but hit several faults/issues with it so gave up hoping they'd be fixed in the then upcoming 22.1 release. I've now got 22.1 running and immediately have hit one of the same issues again.
The purpose (I assume) of the dashboard, is to present the sysadmin with quickly digestible status info, so that actions can be taken should anything seem amiss.
Well immediately after installation, the Interface Statistics widget started to report 'Errors Out'. I quickly checked the switch port interface counters and they record ZERO ethernet framing errors.
I've tried clearing all available logs in the GUI, and re-starting, but the 'error' counters are retained across reboots.
So where in the heck is OPNsense getting this information from ? And how can I clear these error counters once the issue has been resolved ? It seems completely pointless reporting information that cannot be acted upon.
TIA, Andy
QuoteI quickly checked the switch port interface counters and they record ZERO ethernet framing errors.
QuoteSo where in the heck is OPNsense getting this information from ?
"what the heck" do you expect to see on the switch information about the frames that did not leave the opnsense interface? ;D
it takes it from ""ifinfo" util output, which takes them from the kernel counters imho.
Quotehow can I clear these error counters once the issue has been resolved ?
reboot
Thanks for that, at least I know now a thing named 'ifinfo' exists. But:
root@a-fw:~ # man ifinfo
No manual entry for ifinfo
The FreeBSD online man page search hasn't heard of it. The OPNsense 'docs' mention it four times in some changelogs, but nowhere do they explain it usage.
I tried it at the prompt:
root@a-fw:~ # ifinfo -h
ifinfo: illegal option -- h
ifinfo: usage:
ifinfo [-l]
root@a-fw:~ # ifinfo -help
ifinfo: illegal option -- h
ifinfo: usage:
ifinfo [-l]
root@a-fw:~ # ifinfo -?
ifinfo: No match.
So basically all it can do is dump interface counters of a single selected, or all interfaces known to it.
However it does not appear to know about any of the 'Interfaces' presented in the GUI. Perhaps the OPNsense code is taking counters from 'ifinfo', and abstracting that into its own internal counters for presenting via the GUI.
For science, I tried booting with no ethernet cables connected and did:
root@a-fw:~ # ifinfo | grep error
I found the 'smoking gun' effectively, with not a single packet having entered or left OPNsense, SIX of the 'error' counters listed by 'ifinfo', are non-zero !
So I suspect I am seeing artefacts of some internal fault within OPNsense ?
It still remains a mystery as to the origin of the reported 'errors' and there's nothing in the raw output from 'ifinfo', that seemingly can help with that, for example:
root@a-fw:~ # ifinfo - lagg0
Interface lagg0 (lagg0):
flags: 8943
promiscuous listeners: 2
send queue length: 0
send queue max length: 50
send queue drops: 0
type: Ethernet
address length: 6
header length: 14
link state: 1
vhid: 0
datalen: 152
mtu: 1500
metric: 0
line rate: 10000000 bit/s
packets received: 0
input errors: 0
packets transmitted: 0
output errors: 32
collisions: 0
bytes received: 0
bytes transmitted: 0
multicasts received: 0
multicasts transmitted: 0
input queue drops: 0
packets for unknown protocol: 0
HW offload capabilities: 0x0
uptime at attach or stat reset: 26
Any further suggestions as to how clear these supposed 'errors' would be very welcome !
The 'Errors Out' numbers in the dashboard match up with the respective interface - output errors from the ifinfo command.
@ajm
i would suspect some internal FreeBSD\LAGG\Counters issue
example:
https://github.com/opnsense/core/issues/3904
https://forums.freebsd.org/threads/lagg-4-interface-output-errors.46022/
etc
QuoteAny further suggestions as to how clear these supposed 'errors' would be very welcome !
Sorry, maybe someone more advanced can help. imho these counters are reset only by interface "detaching / attaching" (i.e. reboot) and obviously they will start growing again
Thanks again. An underlying issue in the FreeBSD lagg sounds highly plausible. With the exception of the WAN and MGT Interfaces, the others (which are showing the spurious output errors) are all connected via a failover lagg.
As it happens, re-engineering of the network here is going on, associated with the switch to OPNsense, which will obviate the need for the lagg, so this problem may well 'go-away' for my scenario.