OPNsense Forum

English Forums => Intrusion Detection and Prevention => Topic started by: TheWebWasher on February 14, 2018, 12:51:00 pm

Title: Suricata Error OPNSense 18.1.2_2
Post by: TheWebWasher on February 14, 2018, 12:51:00 pm

Hi Everyone,
when I enable Suricata on OPNSense 18.1.2_2 than i get an error on the conole like this:

kernel: 253.050654 [ 274] generic_find_num_queues called, in txq 0 rxq 0
kernel: 253.036456 [ 266] generic_find_num_desc called, in tx 1024 rx 1024
kernel: 253.022228 [ 798] generic_netmap_dtor Restored native NA 0
kernel: 253.008023 [ 274] generic_find_num_queues called, in txq 0 rxq 0
kernel: 252.996591 [ 266] generic_find_num_desc called, in tx 1024 rx 1024
kernel: 252.979590 [ 798] generic_netmap_dtor Restored native NA 0
kernel: 252.965387 [1233] netmap_mem_global_config reconfiguring
kernel: 252.951174 [ 274] generic_find_num_queues called, in txq 0 rxq 0
 kernel: 252.931346 [ 266] generic_find_num_desc called, in tx 1024 rx 1024

Can anyone help me ?? At the moment i have disabled IDS/IPS on the box.

Thanks

Title: Re: Suricata Error OPNSense 18.1.2_2
Post by: Ciprian on February 14, 2018, 03:29:22 pm

Hi!

Tell us a bit about your HW config, and as much as possible of your network topology.
Thank you!

Title: Re: Suricata Error OPNSense 18.1.2_2
Post by: TheWebWasher on February 14, 2018, 04:05:05 pm

Hi!

I have a Home Personal Firewall on an Alix APU1.C4 Board with 4GB RAM, 32GB SSD and Dual Core CPU .

Versions    OPNsense 18.1.2_2-amd64
FreeBSD 11.1-RELEASE-p6
OpenSSL 1.0.2n 7 Dec 2017
CPU Type AMD G-T40E Processor (2 cores)

On the LAN Interface (re0 Tagged Interface) are 4 Vlans configured. The WAN is directly connected to a FritzBox (Provider Router). On the other Interface (re2 Tagged Interface) are 2 DMZ Vlans configured.

Suricata is running on the wan interface. When I enabled IPS the the folowing errors are on the console.

471.089924 [ 254] generic_find_num_desc     called, in tx 1024 rx 1024
471.096416 [ 262] generic_find_num_queues   called, in txq 0 rxq 0
471.102544 [ 760] generic_netmap_dtor       Restored native NA 0
471.117203 [ 254] generic_find_num_desc     called, in tx 1024 rx 1024
471.123579 [ 262] generic_find_num_queues   called, in txq 0 rxq 0
471.129740 [ 760] generic_netmap_dtor       Restored native NA 0
471.158682 [ 254] generic_find_num_desc     called, in tx 1024 rx 1024
471.187915 [ 262] generic_find_num_queues   called, in txq 0 rxq 0

Title: Re: Suricata Error OPNSense 18.1.2_2
Post by: TheWebWasher on February 14, 2018, 06:23:39 pm

What informations do you need about the config??

Title: Re: Suricata Error OPNSense 18.1.2_2
Post by: franco on February 14, 2018, 07:23:32 pm

Hi there,

These are simply diagnostics messages from the kernel part of the IPS mode.


Cheers,
Franco

Title: Re: Suricata Error OPNSense 18.1.2_2
Post by: TheWebWasher on February 14, 2018, 07:38:47 pm

Okay thank you, i ignore this messages!

Title: Re: Suricata Error OPNSense 18.1.2_2
Post by: dcol on February 14, 2018, 10:21:00 pm

Almost looks like netmap running in emulation mode. Must have something to do with the type of NIC. I have never seen these messages on the console with igb or em drivers.

Title: Re: Suricata Error OPNSense 18.1.2_2
Post by: Ciprian on February 15, 2018, 02:06:30 am

em (e1000 on ESXi), I have them, always considered them as alerts, or even errors, but not critical ones, since they didn't cause my appliance to malfunction.

Title: Re: Suricata Error OPNSense 18.1.2_2
Post by: TheWebWasher on February 15, 2018, 08:55:36 am

Before I had the messages for the first time, I switched on Promiscous mode (LAN, WAN). OPNSense crashed, then came the messages. I could save the OPNSense only by a config rollback.