OPNsense Forum

English Forums => Zenarmor (Sensei) => Topic started by: the-mk on October 17, 2020, 10:21:08 pm

Title: passive deployment mode does not count IN bytes, packets, TPUT, PPS?
Post by: the-mk on October 17, 2020, 10:21:08 pm
when I implement my sensei installation with the passive deployment mode (waiting for OPNsense 20.7.4 with the "better" kernel) - when having a look at the status page where the network interfaces are listed, "Bytes IN", "Packets IN", "TPUT IN", "PPS IN" have a 0 value all the time, no matter what my network clients do...

also when selecting "volume" on dashboard or reports, should I see here the amount of bytes from AND to the client or only one direction?

I do have the feeling that with OPNsense 20.7.3 (stock kernel) and Sensei 1.6.1 in passive mode it does not look right - I have done several uploads to cloud (Onedrive and an incountry nextcloud) as well as speed tests with speedof.me and fast.com - but I don't see all the traffic on the dashboard and report?!? when comparing the sum of i.e. apps breakdown and conn-facts on the dashboard, there is a huge difference...
Title: Re: passive deployment mode does not count IN bytes, packets, TPUT, PPS?
Post by: mb on October 19, 2020, 07:49:41 pm
Hi @the-mk,

Thank you for the feedback about Passive Mode.

With Passive Mode, it's harder to correctly know flow direction. Reason is, we use bpf(4) and even if it's ingress or egress; packets are handed over to the packet engine through a single stream of packets. Packet descriptors in bpf(4) mode do not have packet direction information.

In this case, Sensei makes a best guess by trying to infer the direction from the packet contents (i.e. packets heading toward public ip addresses, or networks defined in the firewall's interface list), which has the possibility of missing some use-cases (e.g. remote office networks etc).

This is also why you do not see both direction statistics in Sensei -> Status page.

Question: do you have more than one ethernet interface, thus multiple networks in your firewall?

For the mismatch in packet volume; this might be due to pcap buffer size. Any chance that you can send the output of the following command:

# netstat -B
Title: Re: passive deployment mode does not count IN bytes, packets, TPUT, PPS?
Post by: the-mk on October 20, 2020, 07:04:26 pm
Hi mb,

yes, I have several interfaces on my OPNsense vm (LAN, WLAN, IOT, MEDIA, etc...)

output of netstat -B:
Code:
root@OPNsensei:~ # netstat -B
  Pid  Netif   Flags      Recv      Drop     Match Sblen Hblen Command
95958 ovpns1 p--s---         0         0         0     0     0 eastpect
 6341 pflog0 p--s---   2446139         0   2446139  4110     0 filterlog
42960   vmx6 p--s---    519629         0    519629     0     0 eastpect
79247   vmx6 -ifs---   9209973         0        68     0     0 dhcpd
40959   vmx5 p--s---   4335311         0   4335311     0     0 eastpect
79247   vmx5 -ifs---  15619190         0      1017     0     0 dhcpd
70593   vmx4 p--s---   2426658         0   2426658     0     0 eastpect
79247   vmx4 -ifs---  15016860         0       481     0     0 dhcpd
79715   vmx2 p--s---   5667364         0   5667364     0     0 eastpect
79247   vmx2 -ifs---  18555608         0       221     0     0 dhcpd
62092   vmx1 p--s---    589545         0    589545     0     0 eastpect
79247   vmx1 -ifs---   2176181         0       477     0     0 dhcpd
11494   vmx0 p--s---   2179676         0   2179676   144     0 eastpect
79247   vmx0 -ifs---  13213662         0       291     0     0 dhcpd

you might be the wrong one to ask, but do you know when 20.7.4 with the new kernel will arrive?

Thanks!
Title: Re: passive deployment mode does not count IN bytes, packets, TPUT, PPS?
Post by: mb on October 21, 2020, 01:23:51 am
@the-mk thanks for the stats. I was curious if you had any packet drops there, but it looks like everything is good. I'm inclined to think that this is more related to multiple interfaces and packet direction. Let us give this a bit more thought.

For the 20.7.4; yes you're right. @franco or @ad would be the correct contact for 20.7.4 release date.

For now I can see that 20.7.4 will have netmap fixes:

https://github.com/opnsense/src/commits/stable/20.7
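
The drop check done by eye on the `netstat -B` output in this thread can be scripted. This is an added example, not part of the original posts or of Sensei's tooling; the function names and sample rows are constructed, and it assumes Drop is best read as a share of Match (packets that passed the listener's filter).

```shell
#!/bin/sh
# Report bpf(4) listeners of one command that are dropping packets.
# On the firewall: netstat -B | bpf_drop_report eastpect

bpf_drop_report() {
    # $1 = command name to inspect, e.g. eastpect as seen in the thread
    awk -v cmd="$1" '
        # Skip the header, shell prompt lines and rows of other commands.
        $1 !~ /^[0-9]+$/ || $NF != cmd { next }
        {
            # Columns: Pid Netif Flags Recv Drop Match Sblen Hblen Command
            match_n = $6; drop = $5
            tot_match += match_n; tot_drop += drop
            if (drop > 0) {
                pct = (match_n > 0) ? 100 * drop / match_n : 100
                printf "DROPS %s pid=%s match=%d drop=%d (%.2f%%)\n",
                       $2, $1, match_n, drop, pct
                bad++
            }
        }
        END {
            printf "SUMMARY cmd=%s match=%d drop=%d listeners_with_drops=%d\n",
                   cmd, tot_match, tot_drop, bad
            exit (bad > 0)   # non-zero status when any listener dropped packets
        }'
}

# Constructed sample in the netstat -B layout (not the data from the thread).
sample_netstat_b() {
    cat <<'EOF'
  Pid  Netif   Flags      Recv      Drop     Match Sblen Hblen Command
 2001   vmx0 p--s---    100000         0    100000     0     0 eastpect
 2002   vmx1 p--s---    200000      5000    200000     0     0 eastpect
 3001   vmx1 -ifs---    900000         0       400     0     0 dhcpd
EOF
}
```

A non-zero exit status makes the function usable from cron or a monitoring check; all-zero Drop values, as in the output posted above, point away from the capture buffer as the cause of missing volume.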

Title: Re: passive deployment mode does not count IN bytes, packets, TPUT, PPS?
Post by: mb on October 21, 2020, 07:01:04 pm
Hi @the-mk, it looks like 20.7.4 will be released tomorrow ;)