Home
Help
Search
Login
Register
OPNsense Forum
»
Archive
»
17.1 Legacy Series
»
17.1.2 new re driver + suricata + IPS = kernel panic
« previous
next »
Print
Pages: [
1
]
Author
Topic: 17.1.2 new re driver + suricata + IPS = kernel panic (Read 6404 times)
interfaSys
Full Member
Posts: 165
Karma: 13
17.1.2 new re driver + suricata + IPS = kernel panic
«
on:
March 18, 2017, 03:40:26 pm »
Do not turn on IPS mode in Suricata when using the new re driver because emulated netmap crashes the OS.
See:
https://redmine.openinfosecfoundation.org/issues/1688
What we need is a patched Realtek driver with netmap support.
I didn't manage to patch it last year, but I'm not a driver engineer.
The alternative would be to let people pick the driver they want to use.
«
Last Edit: March 19, 2017, 03:08:30 pm by interfaSys
»
Logged
franco
Administrator
Hero Member
Posts: 17665
Karma: 1611
Re: 17.1.2 new re driver + suricata = kernel panic
«
Reply #1 on:
March 18, 2017, 04:29:24 pm »
Please provide:
* The kernel panic on 17.1.2 or later.
* The hardware specs of your device.
The ticket linked mentions OPNsense 16.1, that was FreeBSD 10.2.
I don't exactly know where this comes from, because an APU1D runs fine for me...
Cheers,
Franco
Logged
franco
Administrator
Hero Member
Posts: 17665
Karma: 1611
Re: 17.1.2 new re driver + suricata = kernel panic
«
Reply #2 on:
March 18, 2017, 05:48:40 pm »
This is a bit difficult to track, the actual conversation and details are here:
https://github.com/opnsense/core/issues/1481
For now, we would like to ask others with a
Zotac ci323
to let us know if they use the Intrusion Detection IPS mode successfully or not.
We are suspecting a netmap issue and will try a newer netmap version to see if that helps.
Thanks,
Franco
Logged
csmall
Full Member
Posts: 121
Karma: 5
Re: 17.1.2 new re driver + suricata = kernel panic
«
Reply #3 on:
March 18, 2017, 07:02:05 pm »
I'm using the new driver on a Zotac Ri531 and it doesn't crash the OS with suricata on.
I have trouble with ET rules but not a kernel panic.
Logged
rgo
Newbie
Posts: 27
Karma: 1
Re: 17.1.2 new re driver + suricata + IPS = kernel panic
«
Reply #4 on:
March 22, 2017, 07:45:53 pm »
I am using J1900 with Intel Ethernet drivers and when you turn on IPS in Suricata, then IPv6 goes away! IPv6 stops working but IPv4 stays working. As soon as you turn off IPS in Suricata then IPv6 starts working again. IPv4 works with IPS on or off. If Suricata is enabled but with IPS off then both IPv4 and IPv6 work. This holds true for 17.1.2 and also in 17.1.3!
Logged
btd
Newbie
Posts: 8
Karma: 0
Re: 17.1.2 new re driver + suricata + IPS = kernel panic
«
Reply #5 on:
March 29, 2017, 08:00:39 pm »
Hi.
I'am using Zotac ci323. I have 250/20 Mbps connection.
opnsense 17.1.3
When I turn on intrusion detection everything works fine. When I turn IPS mode on, download speeds slows down from 10 MB/s to ~1,2MB/s.
What should I post more?
shot from monitor connected to zotac
https://goo.gl/photos/JHRnLuhu5LfR8MLb8
Logged
franco
Administrator
Hero Member
Posts: 17665
Karma: 1611
Re: 17.1.2 new re driver + suricata + IPS = kernel panic
«
Reply #6 on:
March 29, 2017, 08:02:18 pm »
Have you turned off hardware checksum features?
Logged
btd
Newbie
Posts: 8
Karma: 0
Re: 17.1.2 new re driver + suricata + IPS = kernel panic
«
Reply #7 on:
March 29, 2017, 08:11:23 pm »
Yes, all turned off and zotac restarted.
I forgot to mention: after some time, with ips turned on, connection to internet dies.
«
Last Edit: March 29, 2017, 08:14:11 pm by btd
»
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
Archive
»
17.1 Legacy Series
»
17.1.2 new re driver + suricata + IPS = kernel panic