Menu

Show posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

Show posts Menu

Messages - Jargriddle

Pages1
#1
25.1, 25.4 Production Series / Suricata in IPS mode fails to start after 25.1.11 upgrade w/ RSS.
July 21, 2025, 03:45:23 PM
Greetings,

I am having issues with Suricata allocating host-rings after an upgrade to 25.1.11. This was working before an upgrade of OPNsense from version 25.1.6_4.

I am running RSS.

2025-07-20T04:12:28   Error   suricata   [105418] <Error> -- opening devname netmap:ix1-0/R@conf:host-rings=8 failed: Invalid argument

OPNsense 25.1.11-amd64
FreeBSD 14.2-RELEASE-p4
OpenSSL 3.0.17
Intel(R) Atom(TM) CPU C3758 @ 2.20GHz (8 cores, 8 threads)
dev.ix.1.%desc: Intel(R) X553 N (SFP+)
net.inet.rss.bucket_mapping: 0:0 1:1 2:2 3:3 4:4 5:5 6:6 7:7
net.inet.rss.enabled: 1
net.inet.rss.debug: 0
net.inet.rss.basecpu: 0
net.inet.rss.buckets: 8
net.inet.rss.maxcpus: 64
net.inet.rss.ncpus: 8
net.inet.rss.maxbits: 7
net.inet.rss.mask: 7
net.inet.rss.bits: 3
net.inet.rss.hashalgo: 2
hw.bxe.udp_rss: 0
hw.ix.enable_rss: 1
net.isr.numthreads: 8
net.isr.maxprot: 16
net.isr.defaultqlimit: 256
net.isr.maxqlimit: 10240
net.isr.bindthreads: 1
net.isr.maxthreads: 8
net.isr.dispatch: hybrid

Configuration:
Setting                        Current        Limit
Thread count                         8            8
Default queue limit                256        10240
Dispatch policy                 hybrid          n/a
Threads bound to CPUs          enabled          n/a
Netstat also properly delays 8 queues.

Anyone have any ideas that aren't turning off RSS? I believe that netmap is going to want a host ring per queue if there are muliple queues, but frankly getting a bit out of my depth here. Any assistance would be appreciated.

Thanks.
Pages1