opening devname netmap:igb8-2/R failed: Cannot allocate memory

[crit]

Dear Support Team,

I am experiencing an issue with the Intrusion Detection system on my OPNsense setup. The error message from the log file is as follows:

2025-04-16T13:01:15 Error suricata [111750] <Error> -- opening devname netmap:igb8-2/R failed: Cannot allocate memory

Currently, my OPNsense system is configured with six interfaces.
However, when I attempt to select more than three interfaces in the Administration section, the service fails to start and displays the aforementioned error message.

Could you please assist me in resolving this issue?

Thank you for your support.

Best regards,
Sergei

[WorldDrknss]

I am getting the same issues with 25.1.6. I can't get IDS or ZenArmor to start. Get that same error `Cannot allocate memory` but my tunables are set to as follows:

Code Select Expand

dev.netmap.buf_num runtime 2000000 Automatically added by Zenarmor: Netmap Generic/Native Driver
dev.netmap.ring_num runtime 256 Requested number of netmap rings
dev.netmap.buf_size runtime 4096

This was working before the update.

[WorldDrknss]

Problem still exists in `25.1.6_4`

[WorldDrknss]

Working previous to 25.1.6 Update
Still present in `25.1.7`
Even running in emulation mode still fails with the same response.
The same results in Zenarmor logs (as both utilize netmap)

Code Select Expand

2025-05-19T13:49:35-07:00 Error suricata [756715] <Error> -- opening devname netmap:lagg0/R failed: Cannot allocate memory
2025-05-19T13:47:40-07:00 Warning suricata [100500] <Warning> -- flowbit 'http.dottedquadhost' is checked but not set. Checked in 2021076 and 0 other sigs
2025-05-19T13:47:40-07:00 Warning suricata [100500] <Warning> -- flowbit 'et.JavaArchiveOrClass' is checked but not set. Checked in 2017761 and 0 other sigs
2025-05-19T13:47:40-07:00 Warning suricata [100500] <Warning> -- flowbit 'ET.DMTP_Protocol' is checked but not set. Checked in 2858384 and 0 other sigs
2025-05-19T13:47:40-07:00 Warning suricata [100500] <Warning> -- flowbit 'ET.wininet.UA' is checked but not set. Checked in 2021312 and 0 other sigs
2025-05-19T13:47:40-07:00 Warning suricata [100500] <Warning> -- flowbit 'et.MS.WinHttpRequest.no.exe.request' is checked but not set. Checked in 2022653 and 0 other sigs
2025-05-19T13:47:40-07:00 Warning suricata [100500] <Warning> -- flowbit 'ET.vba-jpg-dl' is checked but not set. Checked in 2814992 and 0 other sigs
2025-05-19T13:47:40-07:00 Warning suricata [100500] <Warning> -- flowbit 'et.MS.XMLHTTP.ip.request' is checked but not set. Checked in 2022050 and 1 other sigs
2025-05-19T13:47:40-07:00 Warning suricata [100500] <Warning> -- flowbit 'et.IE7.NoRef.NoCookie' is checked but not set. Checked in 2023672 and 1 other sigs
2025-05-19T13:47:40-07:00 Warning suricata [100500] <Warning> -- flowbit 'et.WinHttpRequest' is checked but not set. Checked in 2019823 and 0 other sigs
2025-05-19T13:47:40-07:00 Warning suricata [100500] <Warning> -- flowbit 'exe.no.referer' is checked but not set. Checked in 2020500 and 0 other sigs
2025-05-19T13:47:40-07:00 Warning suricata [100500] <Warning> -- flowbit 'ET.SW.Bookmark' is checked but not set. Checked in 2061729 and 0 other sigs
2025-05-19T13:47:06-07:00 Notice suricata [724480] <Notice> -- This is Suricata version 7.0.10 RELEASE running in SYSTEM mode


[WorldDrknss]

I got this up and running again by setting the following in tunables

Code Select Expand

dev.netmap.buf_num: 1000000
dev.netmap.admode: 0
dev.netmap.ring_num: 256
dev.netmap.buf_size: 4096

and then setting the MTU (instead of leaving blank) the interfaces to 1500.

Reboot Opnsense