OPNsense 23.7.3-amd64
FreeBSD 13.2-RELEASE-p2
OpenSSL 1.1.1v 1 Aug 2023
Hi guys.
I don't know since when, possibly since a recent firmware upgrade, Suricata stops all the time, after displaying quite a few warnings, with this error:
[100549] <Error> -- [ERRCODE: SC_ERR_FATAL(171)] - opening devname netmap:igb0-0/R@conf:host-rings=2 failed: Invalid argument
Note: I tried attaching Suricata to igb1 and the problem is the same.
There is no interface igb0-0. The WAN interface is igb0 and I have not changed anything since it worked last (possibly just a firmware upgrade).
Suricata worked perfectly before! - Until Aug 6 at least
Health Audit is fine.
Any ideas what could be wrong and how to fix this?
Thanks for any help.
I have posted a similar problem :
Intrusion Detection stops after 1 minute (https://forum.opnsense.org/index.php?topic=35729.msg173724#msg173724)
Assumed my issue was related to "changing to VLAN" but maybe it is related to what you are reporting?
Quote from: ddt3 on September 02, 2023, 02:26:31 PM
I have posted a similar problem :
Intrusion Detection stops after 1 minute (https://forum.opnsense.org/index.php?topic=35729.msg173724#msg173724)
Assumed my issue was related to "changing to VLAN" but maybe it is related to what you are reporting?
Thanks, but your issue is not related.
This seems solved now.
I went through the system log and happened on this error:
Notice kernel 518.293049 [2226] netmap_buf_size_validate error: using NS_MOREFRAG on igb0 requires netmap buf size >= 4096
I opened a thread for this: https://forum.opnsense.org/index.php?topic=35745.msg173952#msg173952
Once I had set netmap buf size to 4096 and restarted the WAN interface, Intrusion detection/Suricata started normally again.