Menu

Show posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

Show posts Menu

Messages - WorldDrknss

Pages1
#1
Zenarmor (Sensei) / Re: Cannot allocate memory
May 31, 2025, 04:01:44 AM
I got this up and running again by setting the following in tunables

Code Select
dev.netmap.buf_num: 1000000
dev.netmap.admode: 0
dev.netmap.ring_num: 256
dev.netmap.buf_size: 4096

and then setting the MTU (instead of leaving blank) the interfaces to 1500.

Reboot Opnsense
#2
Intrusion Detection and Prevention / Re: opening devname netmap:igb8-2/R failed: Cannot allocate memory
May 31, 2025, 04:00:04 AM
I got this up and running again by setting the following in tunables

Code Select
dev.netmap.buf_num: 1000000
dev.netmap.admode: 0
dev.netmap.ring_num: 256
dev.netmap.buf_size: 4096

and then setting the MTU (instead of leaving blank) the interfaces to 1500.

Reboot Opnsense
#3
Zenarmor (Sensei) / Re: Cannot allocate memory
May 29, 2025, 12:47:12 AM
Sent

Quote from: sy on May 23, 2025, 12:56:32 PMHi,

Could you please provide the logs and configuration by following the steps outlined in the link below? I kindly request that you select all checkboxes.
https://www.zenarmor.com/docs/support/reporting-bug
 
 
Best regards,
#4
Zenarmor (Sensei) / Re: Cannot allocate memory
May 20, 2025, 06:07:38 PM
Quote from: sy on May 20, 2025, 07:21:53 AMHi,

Please run the command sysctl -a | grep "dev.netmap.buf_num". The value should be max 1000000.



I have mine running much higher as I was having buffer issues. Again this all worked before the 25.1.6 update.

Code Select
dev.netmap.buf_num: 2097152
dev.netmap.ring_num: 256
dev.netmap.buf_size: 4096
#5
Zenarmor (Sensei) / Cannot allocate memory
May 19, 2025, 10:55:47 PM
Working previous to 25.1.6 Update
Still present in `25.1.7`
Even running in emulation mode still fails with the same response.
The same results in IDS logs (as both utilize netmap)

Code Select
opening devname netmap:lagg0/R failed: Cannot allocate memory
#6
Intrusion Detection and Prevention / Re: opening devname netmap:igb8-2/R failed: Cannot allocate memory
May 19, 2025, 10:54:23 PM
Working previous to 25.1.6 Update
Still present in `25.1.7`
Even running in emulation mode still fails with the same response.
The same results in Zenarmor logs (as both utilize netmap)

Code Select
2025-05-19T13:49:35-07:00 Error suricata [756715] <Error> -- opening devname netmap:lagg0/R failed: Cannot allocate memory
2025-05-19T13:47:40-07:00 Warning suricata [100500] <Warning> -- flowbit 'http.dottedquadhost' is checked but not set. Checked in 2021076 and 0 other sigs
2025-05-19T13:47:40-07:00 Warning suricata [100500] <Warning> -- flowbit 'et.JavaArchiveOrClass' is checked but not set. Checked in 2017761 and 0 other sigs
2025-05-19T13:47:40-07:00 Warning suricata [100500] <Warning> -- flowbit 'ET.DMTP_Protocol' is checked but not set. Checked in 2858384 and 0 other sigs
2025-05-19T13:47:40-07:00 Warning suricata [100500] <Warning> -- flowbit 'ET.wininet.UA' is checked but not set. Checked in 2021312 and 0 other sigs
2025-05-19T13:47:40-07:00 Warning suricata [100500] <Warning> -- flowbit 'et.MS.WinHttpRequest.no.exe.request' is checked but not set. Checked in 2022653 and 0 other sigs
2025-05-19T13:47:40-07:00 Warning suricata [100500] <Warning> -- flowbit 'ET.vba-jpg-dl' is checked but not set. Checked in 2814992 and 0 other sigs
2025-05-19T13:47:40-07:00 Warning suricata [100500] <Warning> -- flowbit 'et.MS.XMLHTTP.ip.request' is checked but not set. Checked in 2022050 and 1 other sigs
2025-05-19T13:47:40-07:00 Warning suricata [100500] <Warning> -- flowbit 'et.IE7.NoRef.NoCookie' is checked but not set. Checked in 2023672 and 1 other sigs
2025-05-19T13:47:40-07:00 Warning suricata [100500] <Warning> -- flowbit 'et.WinHttpRequest' is checked but not set. Checked in 2019823 and 0 other sigs
2025-05-19T13:47:40-07:00 Warning suricata [100500] <Warning> -- flowbit 'exe.no.referer' is checked but not set. Checked in 2020500 and 0 other sigs
2025-05-19T13:47:40-07:00 Warning suricata [100500] <Warning> -- flowbit 'ET.SW.Bookmark' is checked but not set. Checked in 2061729 and 0 other sigs
2025-05-19T13:47:06-07:00 Notice suricata [724480] <Notice> -- This is Suricata version 7.0.10 RELEASE running in SYSTEM mode
#7
Intrusion Detection and Prevention / Re: opening devname netmap:igb8-2/R failed: Cannot allocate memory
May 16, 2025, 09:22:30 PM
Problem still exists in `25.1.6_4`
#8
Intrusion Detection and Prevention / Re: opening devname netmap:igb8-2/R failed: Cannot allocate memory
May 12, 2025, 06:31:43 PM
I am getting the same issues with 25.1.6. I can't get IDS or ZenArmor to start. Get that same error `Cannot allocate memory` but my tunables are set to as follows:

Code Select
dev.netmap.buf_num runtime 2000000 Automatically added by Zenarmor: Netmap Generic/Native Driver
dev.netmap.ring_num runtime 256 Requested number of netmap rings
dev.netmap.buf_size runtime 4096

This was working before the update.
#9
Intrusion Detection and Prevention / [SOLVED] Suricata 7 and AWS VPN Client
March 01, 2024, 05:49:28 PM
This fix can be found here:

Traffic blocked with reason: "applayer error"
https://forum.suricata.io/t/my-traffic-gets-blocked-after-upgrading-to-suricata-7/3745
#10
Intrusion Detection and Prevention / Suricata 7 and AWS VPN Client
March 01, 2024, 12:07:42 AM
In the latest OPNsense update, Suricata was downgraded to v7. AWS VPN Client has been working flawlessly up until this latest update and refuses to complete authentication with a TLS handshake error. Suricata does not show any 'blocked' alerts and even setting the policy to alert does not indicate any issues. But disabling IPS Mode or even temporarily disabling Suricata, AWS VPN Client functions as intended.

I also tried checking logs files, but nothing stands out in terms of what may be causing the block.

I am open up to ideas.
Pages1