Topics - jaylow

#1
Hi,

After upgrading from 22.1.11 to 23.7, Suricata fails to launch.

We see these error messages:
Error   suricata   [104583] <Error> -- [ERRCODE: SC_ERR_FATAL(171)] - opening devname netmap:ix1^3/T failed: Cannot allocate memory   
Error   suricata   [102114] <Error> -- [ERRCODE: SC_ERR_FATAL(171)] - opening devname netmap:ix1^3/T failed: Cannot allocate memory

Seems that the 10Gbit interfaces could not be handled correctly. Suricata is configured to run in inline mode (IPS).

After returning to 22.1.11 everything was fine again.

Regards,
Josef
#2
Hi,

On my installation with OPNsense 23.1.3 and Suricata 6.0.9_1, I cannot start Suricata in IPS mode with more than two interfaces.

The following error was logged:
... [ERRCODE: SC_ERR_NETMAP_CREATE(263)] - opening devname netmap:igbX/T failed: Cannot allocate memory

"sysctl -a | grep -i netmap" shows
netmap_obj_malloc         no more netmap_buf objects
netmap_new_bufs           no more buffers after 581 of 1024
netmap_mem2_rings_create  Cannot allocate buffers for RX_ring

Finally the active settings for netmap (should be the default ones):
dev.netmap.iflib_rx_miss_bufs: 3786
dev.netmap.iflib_rx_miss: 2000
dev.netmap.iflib_crcstrip: 1
dev.netmap.max_bridges: 8
dev.netmap.bridge_batch: 1024
dev.netmap.default_pipes: 0
dev.netmap.priv_buf_num: 4098
dev.netmap.priv_buf_size: 2048
dev.netmap.buf_curr_num: 10823
dev.netmap.buf_num: 163840
dev.netmap.buf_curr_size: 2048
dev.netmap.buf_size: 2048
dev.netmap.priv_ring_num: 4
dev.netmap.priv_ring_size: 20480
dev.netmap.ring_curr_num: 200
dev.netmap.ring_num: 200
dev.netmap.ring_curr_size: 73728
dev.netmap.ring_size: 73728
dev.netmap.priv_if_num: 2
dev.netmap.priv_if_size: 1024
dev.netmap.if_curr_num: 100
dev.netmap.if_num: 100
dev.netmap.if_curr_size: 1024
dev.netmap.if_size: 1024
dev.netmap.ptnet_vnet_hdr: 1
dev.netmap.generic_rings: 1
dev.netmap.generic_ringsize: 1024
dev.netmap.generic_mit: 100000
dev.netmap.generic_hwcsum: 0
dev.netmap.admode: 0
dev.netmap.fwd: 0
dev.netmap.txsync_retry: 2
dev.netmap.no_pendintr: 1
dev.netmap.no_timestamp: 0
dev.netmap.verbose: 0

The NICs are Intel i350 and i210. Promiscuous mode is deactivated. Zenarmor is not installed.

Maybe this problem is related to this one: https://redmine.openinfosecfoundation.org/issues/5744

Many thanks in advance ;-)

Regards,
Josef