OPNsense Forum

Archive => 19.7 Legacy Series => Topic started by: donatom3 on July 10, 2019, 01:36:15 am

Title: Sensei and Suricata not seeing interfaces on RC1
Post by: donatom3 on July 10, 2019, 01:36:15 am
So I upgraded to RC1 this morning. Suricata stops after starting with the error

Code:
Jul 9 08:15:25 suricata[27926]: [100117] <Error> -- [ERRCODE: SC_ERR_INITIALIZATION(45)] - Engine initialization failed, aborting...
Jul 9 08:15:25 suricata[27926]: [100117] <Error> -- [ERRCODE: SC_ERR_THREAD_INIT(49)] - thread "W#01-igb0" failed to initialize: flags 0145
Jul 9 08:15:25 suricata[27926]: [100900] <Error> -- [ERRCODE: SC_ERR_NETMAP_CREATE(263)] - Couldn't register igb0 with netmap: Cannot allocate memory
Jul 9 08:15:25 suricata[27926]: [100833] <Error> -- [ERRCODE: SC_ERR_NETMAP_CREATE(263)] - Couldn't register igb0 with netmap: Cannot allocate memory
Jul 9 08:15:25 suricata[27926]: [100888] <Error> -- [ERRCODE: SC_ERR_NETMAP_CREATE(263)] - Couldn't register igb0 with netmap: Cannot allocate memory
Jul 9 08:15:12 suricata: [100117] <Warning> -- [ERRCODE: SC_WARN_DEFAULT_WILL_CHANGE(317)] - in 5.0 the default for decoder event stats will go from 'decoder.<proto>.<event>' to 'decoder.event.<proto>.<event>'. See ticket #2225. To suppress this message, set stats.decoder-events-prefix in the yaml.
Jul 9 08:15:12 suricata: [100230] <Notice> -- This is Suricata version 4.1.4 RELEASE

Sensei starts and runs but shows no interfaces selected. I use igb0 on Suricata for my WAN and igb1 on Sensei for my LAN.

Forgot to add: this was all working on 19.1 before the upgrade. I have 16 GB of RAM and an i5-7600K, with 6 ports of Intel i211.

Ninja edit #2

Found the below in the general logs. I do have tunables set for the NIC that were working fine in 19.1:
hw.igb.rxd 4096
hw.igb.txd 4096
net.link.ifqmaxlen 8192
hw.igb.max_interrupt_rate 64000

I'll try removing those when I get a chance but not sure if they are the culprit.


Code:
Jul 9 16:54:14 kernel: 454.788949 [1916] netmap_mem2_rings_create Cannot allocate RX_ring
Jul 9 16:54:14 kernel: 454.781097 [1015] netmap_obj_malloc netmap_ring request size 65792 too large
Title: Re: Sensei and Suricata not seeing interfaces on RC1
Post by: franco on July 10, 2019, 09:15:43 am
Nice catch, ring size is still too small on stock FreeBSD.

We have the patch on versions up to 19.1, but had to revert for merging newer netmap code in 19.7 and it wasn't applied on top again.

https://github.com/opnsense/src/commit/815f865ea29c

Will be fixed in 19.7 release. Thanks!


Cheers,
Franco
Title: Re: Sensei and Suricata not seeing interfaces on RC1
Post by: donatom3 on July 10, 2019, 10:46:29 am
Quote from: franco on July 10, 2019, 09:15:43 am
> Nice catch, ring size is still too small on stock FreeBSD.
>
> We have the patch on versions up to 19.1, but had to revert for merging newer netmap code in 19.7 and it wasn't applied on top again.
>
> https://github.com/opnsense/src/commit/815f865ea29c
>
> Will be fixed in 19.7 release. Thanks!
>
> Cheers,
> Franco

Thanks, I got it going for now by just dropping my tunables a bit.

Set them to the below:
hw.igb.rxd 1024
hw.igb.txd 1024
net.link.ifqmaxlen 2048

Both services are working. I'll change them back once 19.7 releases.
Title: Re: Sensei and Suricata not seeing interfaces on RC1
Post by: szty0pa on July 18, 2019, 06:27:32 pm
Upgrading to 19.7 production this morning (thanks for the great work btw!) I'm having similar issues with netmap (Suricata) as @donatom3 above. There is a quad-port Intel 82571EB network card (working with the em driver) in my box that netmap has problems with:

Code:
Jul 18 15:14:40 suricata[51428]: [100151] <Error> -- [ERRCODE: SC_ERR_INITIALIZATION(45)] - Engine initialization failed, aborting...
Jul 18 15:14:40 suricata[51428]: [100151] <Error> -- [ERRCODE: SC_ERR_THREAD_INIT(49)] - thread "W#01-em0" failed to initialize: flags 0145
Jul 18 15:14:39 suricata[51428]: [100380] <Error> -- [ERRCODE: SC_ERR_NETMAP_CREATE(263)] - Couldn't register em1 with netmap: Invalid argument
Jul 18 15:14:39 suricata[51428]: [100379] <Error> -- [ERRCODE: SC_ERR_NETMAP_CREATE(263)] - Couldn't register em1 with netmap: Invalid argument
Jul 18 15:14:39 suricata[51428]: [100378] <Error> -- [ERRCODE: SC_ERR_NETMAP_CREATE(263)] - Couldn't register em0 with netmap: Invalid argument
Jul 18 15:14:39 suricata[51428]: [100377] <Error> -- [ERRCODE: SC_ERR_NETMAP_CREATE(263)] - Couldn't register em0 with netmap: Invalid argument

hw.em.rxd is 1024 (default value)
hw.em.txd is 1024 (default value)
net.link.ifqmaxlen is 2048 (was 50 by default)

Could you guys give any advice on how to remedy this or what could be the problem?

Thanks!

[edit]
Jumbo frames seem to be the issue:

Code:
786.356550 [2157] netmap_buf_size_validate  error: large MTU (9000) needed but em0 does not support NS_MOREFRAG
786.371958 [2157] netmap_buf_size_validate  error: large MTU (9000) needed but em1 does not support NS_MOREFRAG

Strange thing is that this was working before like this. Does anybody know if the updated netmap can work with jumbo frames if the card/driver does not support NS_MOREFRAG?
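
Added example (not part of any post in this thread, and not OPNsense or netmap project code): a small triage script for the two netmap failures reported above, which both leave Suricata down and the interface uninspected. It assumes a 16-byte netmap slot and a 256-byte ring header, which matches the logged request (4096 * 16 + 256 = 65792), and takes the ring object limit as a parameter; the value 36864 used in the demo is an assumed setting of the dev.netmap.ring_size sysctl, not a figure from the thread.

```python
import re

# Assumptions (not from the thread): 16-byte struct netmap_slot and a 256-byte
# struct netmap_ring header. They agree with the logged request:
# 4096 * 16 + 256 = 65792.
SLOT_BYTES = 16
RING_HEADER_BYTES = 256

# Sample input assembled from kernel lines quoted in the posts above.
SAMPLE_LOG = """\
Jul 9 16:54:14 kernel: 454.788949 [1916] netmap_mem2_rings_create Cannot allocate RX_ring
Jul 9 16:54:14 kernel: 454.781097 [1015] netmap_obj_malloc netmap_ring request size 65792 too large
786.356550 [2157] netmap_buf_size_validate  error: large MTU (9000) needed but em0 does not support NS_MOREFRAG
"""

RING_RE = re.compile(r"netmap_ring request size (\d+) too large")
MTU_RE = re.compile(r"large MTU \((\d+)\) needed but (\S+) does not support NS_MOREFRAG")


def ring_bytes(descriptors):
    """Bytes netmap requests for one ring with this many descriptors."""
    return RING_HEADER_BYTES + descriptors * SLOT_BYTES


def max_descriptors(ring_size):
    """Largest power-of-two descriptor count whose ring fits in ring_size."""
    slots = (ring_size - RING_HEADER_BYTES) // SLOT_BYTES
    return 1 << (slots.bit_length() - 1) if slots > 0 else 0


def triage(log_text, ring_size):
    """Return one finding per netmap failure line found in log_text."""
    findings = []
    for line in log_text.splitlines():
        m = RING_RE.search(line)
        if m:
            # Recover the descriptor count that produced the rejected request.
            slots = (int(m.group(1)) - RING_HEADER_BYTES) // SLOT_BYTES
            findings.append(("ring_too_large", slots, max_descriptors(ring_size)))
            continue
        m = MTU_RE.search(line)
        if m:
            findings.append(("mtu_needs_morefrag", m.group(2), int(m.group(1))))
    return findings


if __name__ == "__main__":
    # 36864 is an assumed dev.netmap.ring_size; read the real value on the box.
    for finding in triage(SAMPLE_LOG, ring_size=36864):
        print(finding)
```

Each ring_too_large finding carries the descriptor count that was requested and the largest power-of-two count that would fit under the given limit, which is the comparison to make before changing hw.igb.rxd or hw.igb.txd.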