netmap buf size >= 4096 required?

Started by JohnnyBeee, September 02, 2023, 04:06:35 AM

Previous topic - Next topic
Print
Go Down Pages1
User actions
September 02, 2023, 04:06:35 AM
In the system log I see the following message:
Notice   kernel   518.293049 [2226] netmap_buf_size_validate error: using NS_MOREFRAG on igb0 requires netmap buf size >= 4096

Could anybody enlighten me as to what that means?
How, if required, would I set the netmap buf size to >= 4096?

Thanks for any help.
September 02, 2023, 05:58:55 PM #1
QuoteNotice   kernel   518.293049 [2226] netmap_buf_size_validate error: using NS_MOREFRAG on igb0 requires netmap buf size >= 4096
Is this on a FW with Zenarmor ? Trying to understand where the message is coming from.



First modify the buffer size on the fly and check the results:

The default value seems to be 2048, check with
Code Select
sysctl -a |grep netmap


You can modify it with this command

Code Select
sysctl dev.netmap.buf_size=4096

and the output should be this
Quoteroot@OPNsense:~ # sysctl dev.netmap.buf_size=4096
dev.netmap.buf_size: 2048 -> 4096


If everything looks good you can add a Tunable in the GUI for persistency,

https://man.freebsd.org/cgi/man.cgi?query=netmap&sektion=4

September 04, 2023, 03:23:39 AM #2
Thanks for the detailed instructions.

No Zenarmor on this firewall.

I followed your instructions and now the message is gone.
But still no idea what caused it.

September 04, 2023, 05:50:35 AM #3
It appears Suricata now requires at least a value of >=4096 and the default netmap buffer size needs to be adjusted for it at the very least.

Can only hope Franco will chime in on this. After I skimmed through the man page I'm not sure if the buffer size is related or set depending on the amount of RAM present on the machine and what are the pros/cons of setting a higher value than 4096
September 07, 2023, 03:56:04 AM #4
Gonna bump this once as I'm still wondering if increasing the buffer size would be beneficial and in which conditions.
September 08, 2023, 10:47:59 AM #5
Sounds like jumbo packets. MTU for interface running IPS is set to what?


Cheers,
Franco
May 02, 2024, 09:56:45 PM #6
Another bump for this... issue.

Only occurs when LAN is selected, works fine on WAN alone.

error
Code Select
<Error> -- opening devname netmap:igb1-0/R@conf:host-rings=4 failed: Device busy

I do have Zenarmor installed

All interface MTU's have been left blank.

I set netmap buff_size to 4096, error continues.
May 03, 2024, 08:25:34 AM #7
Isn't this a completely different error message? One that tells you that you have Zenarmor running on this interface already??? ;)


Cheers,
Franco
Print
Go Up Pages1
User actions