Show Posts
1
Intrusion Detection and Prevention / Emulated Netmap Error - Brings down traffic
« on: May 29, 2024, 05:35:47 pm »
Hello,
I have been bashing my head against an issue for awhile, and haven't made any progress towards sorting it out.
I have OpnSense appliance in Azure, via Azure marketplace setup, most of it is working well.
I decided to look into enabling IPS mode, and did some research. I have to run in netmap emulated as the mlx5 drivers aren't supported natively.
When I click IPS Mode, traffic instantly drops, and the serial console is spammed with
609.065580 [4040] netmap_transmit hn0 drop mbuf that needs checksum offload
610.003591 [4040] netmap_transmit hn0 drop mbuf that needs checksum offload
611.009478 [4040] netmap_transmit hn0 drop mbuf that needs checksum offload
612.040543 [4040] netmap_transmit hn0 drop mbuf that needs checksum offload
613.342958 [4040] netmap_transmit hn0 drop mbuf that needs checksum offload
614.003359 [4040] netmap_transmit hn0 drop mbuf that needs checksum offload
615.009658 [4040] netmap_transmit hn0 drop mbuf that needs checksum offload
616.077680 [4040] netmap_transmit hn0 drop mbuf that needs checksum offload
617.187636 [4040] netmap_transmit hn0 drop mbuf that needs checksum offload
618.138480 [4040] netmap_transmit hn0 drop mbuf that needs checksum offload
619.094369 [4040] netmap_transmit hn0 drop mbuf that needs checksum offload
620.003259 [4040] netmap_transmit hn0 drop mbuf that needs checksum offload
621.004571 [4040] netmap_transmit hn0 drop mbuf that needs checksum offload
622.242291 [4040] netmap_transmit hn0 drop mbuf that needs checksum offload
623.040234 [4040] netmap_transmit hn0 drop mbuf that needs checksum offload
624.085616 [4040] netmap_transmit hn0 drop mbuf that needs checksum offload
625.003338 [4040] netmap_transmit hn0 drop mbuf that needs checksum offload
626.006703 [4040] netmap_transmit hn0 drop mbuf that needs checksum offload
626.006703 [4040] netmap_transmit hn0 drop mbuf that needs checksum offload
627.253350 [4040] netmap_transmit hn0 drop mbuf that needs checksum offload
628.065270 [4040] netmap_transmit hn0 drop mbuf that needs checksum offload
629.103258 [4040] netmap_transmit hn0 drop mbuf that needs checksum offload
630.027021 [4040] netmap_transmit hn0 drop mbuf that needs checksum offload
631.021919 [4040] netmap_transmit hn0 drop mbuf that needs checksum offload
632.033065 [4040] netmap_transmit hn0 drop mbuf that needs checksum offload
633.058783 [4040] netmap_transmit hn0 drop mbuf that needs checksum offload
634.151558 [4040] netmap_transmit hn0 drop mbuf that needs checksum offload
635.059621 [4040] netmap_transmit hn0 drop mbuf that needs checksum offload
636.080353 [4040] netmap_transmit hn0 drop mbuf that needs checksum offload
637.096998 [4040] netmap_transmit hn0 drop mbuf that needs checksum offload
I have 100% confirmed everywhere that ALL hardware offloading is disabled.
hn0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
description: WAN (wan)
options=80008<VLAN_MTU,LINKSTATE>
ether 00:22:48:3c:00:5b
inet 10.0.30.4 netmask 0xfffffff8 broadcast 10.0.30.7
media: Ethernet 100GBase-CR4 <full-duplex,rxpause,txpause>
status: active
I can't figure out for the life of me what is causing this error, I have read multiple posts on this form, and others about the error, but they were either because hardware offloading wasn't disabled, or some weird bug with IPv6 and wiregaurd.
Any help would be immensely appreciated.
I have been bashing my head against an issue for awhile, and haven't made any progress towards sorting it out.
I have OpnSense appliance in Azure, via Azure marketplace setup, most of it is working well.
I decided to look into enabling IPS mode, and did some research. I have to run in netmap emulated as the mlx5 drivers aren't supported natively.
When I click IPS Mode, traffic instantly drops, and the serial console is spammed with
609.065580 [4040] netmap_transmit hn0 drop mbuf that needs checksum offload
610.003591 [4040] netmap_transmit hn0 drop mbuf that needs checksum offload
611.009478 [4040] netmap_transmit hn0 drop mbuf that needs checksum offload
612.040543 [4040] netmap_transmit hn0 drop mbuf that needs checksum offload
613.342958 [4040] netmap_transmit hn0 drop mbuf that needs checksum offload
614.003359 [4040] netmap_transmit hn0 drop mbuf that needs checksum offload
615.009658 [4040] netmap_transmit hn0 drop mbuf that needs checksum offload
616.077680 [4040] netmap_transmit hn0 drop mbuf that needs checksum offload
617.187636 [4040] netmap_transmit hn0 drop mbuf that needs checksum offload
618.138480 [4040] netmap_transmit hn0 drop mbuf that needs checksum offload
619.094369 [4040] netmap_transmit hn0 drop mbuf that needs checksum offload
620.003259 [4040] netmap_transmit hn0 drop mbuf that needs checksum offload
621.004571 [4040] netmap_transmit hn0 drop mbuf that needs checksum offload
622.242291 [4040] netmap_transmit hn0 drop mbuf that needs checksum offload
623.040234 [4040] netmap_transmit hn0 drop mbuf that needs checksum offload
624.085616 [4040] netmap_transmit hn0 drop mbuf that needs checksum offload
625.003338 [4040] netmap_transmit hn0 drop mbuf that needs checksum offload
626.006703 [4040] netmap_transmit hn0 drop mbuf that needs checksum offload
626.006703 [4040] netmap_transmit hn0 drop mbuf that needs checksum offload
627.253350 [4040] netmap_transmit hn0 drop mbuf that needs checksum offload
628.065270 [4040] netmap_transmit hn0 drop mbuf that needs checksum offload
629.103258 [4040] netmap_transmit hn0 drop mbuf that needs checksum offload
630.027021 [4040] netmap_transmit hn0 drop mbuf that needs checksum offload
631.021919 [4040] netmap_transmit hn0 drop mbuf that needs checksum offload
632.033065 [4040] netmap_transmit hn0 drop mbuf that needs checksum offload
633.058783 [4040] netmap_transmit hn0 drop mbuf that needs checksum offload
634.151558 [4040] netmap_transmit hn0 drop mbuf that needs checksum offload
635.059621 [4040] netmap_transmit hn0 drop mbuf that needs checksum offload
636.080353 [4040] netmap_transmit hn0 drop mbuf that needs checksum offload
637.096998 [4040] netmap_transmit hn0 drop mbuf that needs checksum offload
I have 100% confirmed everywhere that ALL hardware offloading is disabled.
hn0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
description: WAN (wan)
options=80008<VLAN_MTU,LINKSTATE>
ether 00:22:48:3c:00:5b
inet 10.0.30.4 netmask 0xfffffff8 broadcast 10.0.30.7
media: Ethernet 100GBase-CR4 <full-duplex,rxpause,txpause>
status: active
I can't figure out for the life of me what is causing this error, I have read multiple posts on this form, and others about the error, but they were either because hardware offloading wasn't disabled, or some weird bug with IPv6 and wiregaurd.
Any help would be immensely appreciated.