Trying IPS for first time and it won't start with Mellanox and VLANS

Started by c-mu, December 20, 2021, 01:48:08 PM

Previous topic - Next topic
Print
Go Down Pages1
User actions
December 20, 2021, 01:48:08 PM
Hello, I've been monitoring my network traffic for a while with IDS and would now like to use IPS ON VLANS.

I have a Mellanox Connect 4 installed (I think  ::)) and get the following error message when starting with IPS:

This is my used driver.
Quotedev.mlx4_core.0.%pnpinfo: vendor=0x15b3 device=0x1007 subvendor=0x103c subdevice=0x801f class=0x020000
dev.mlx4_core.0.%location: slot=0 function=0 dbsf=pci0:1:0:0 handle=\_SB_.PCI0.PEG0.PEGP
dev.mlx4_core.0.%driver: mlx4_core
dev.mlx4_core.0.%desc: Mellanox driver (3.5.1)

All hardware offload settings are disabled. Can I actively do something, or is it a bug within the last realeses with 21.7.7?

This is the failure log notice:
Code Select
2021-12-19T06:48:30 suricata[73213] [100528] <Error> -- [ERRCODE: SC_ERR_NETMAP_CREATE(263)] - opening devname netmap:mlxen0_vlan949/R failed: Invalid argument

thanks a lot!
December 20, 2021, 05:40:14 PM #1 Last Edit: December 20, 2021, 05:44:16 PM by annoniempjuh
 when enable the help in Suricata:
"Select interface(s) to use. When enabling IPS, only use physical interfaces here (no vlans etc)."
December 22, 2021, 07:47:21 PM #2 Last Edit: December 22, 2021, 07:55:37 PM by c-mu
Unfortunately I had no luck, even with the VLAN base interface it does not start. The interface is enabled, but without IP configuration. Is this a problem?

Code Select

Date
Process
Line
2021-12-22T19:43:38 suricata[53599] [100212] <Error> -- [ERRCODE: SC_ERR_NETMAP_CREATE(263)] - opening devname netmap:mlxen0/R failed: Invalid argument
2021-12-22T19:43:24 suricata[53599] [101412] <Warning> -- [ERRCODE: SC_WARN_FLOWBIT(306)] - flowbit 'ET.genericphish' is checked but not set. Checked in 2850094 and 0 other sigs
2021-12-22T19:43:22 suricata[27836] [100138] <Notice> -- This is Suricata version 6.0.4 RELEASE running in SYSTEM mode
2021-12-22T19:43:22 suricata[20862] [100256] <Notice> -- Stats for 'mlxen0': pkts: 7313, drop: 0 (0.00%), invalid chksum: 0
2021-12-22T19:43:22 suricata[20862] [100256] <Notice> -- Signal Received. Stopping engine.

Edit:
Changing the pattern matcher to default or hyper scan does not change anything, even enabling or disabling Promiscuous mode.
Print
Go Up Pages1
User actions