Issue with Suricata and interface

Started by aimdev, January 31, 2022, 12:44:15 PM

Started suricata in ids mode, interface em0 wan.

On the console (direct connection) got a lot of
arpresolver: cannot allocate llinfo for xxx.xxx.xxx.xxx on em0
link state went down then up twice before I disabled suricata.

Messages were not found in gui syslog, despite the syslog option enabled in suricata administration

NICs on the system are Intel.
Hardware options CRC/TSO/LRO are not disabled (i.e. enabled).

Normally cryptic "arpresolver: cannot allocate llinfo for xxx.xxx.xxx.xxx on em0" means your gateway lies outside the subnet of your assigned address on em0. Doesn't have anything to do with IDS.


Cheers,
Franco

The gateway is on xxx.xxx.0.1, opnsense uses dhcp, with a locked address of xxx.xxx.0.64.
The mask is 255.255.255.0/24 (as set in the upstream device).
There are no errors when suricata is disabled.

One other factor is that em0 is placed into promiscuous mode when suricata is enabled; I assume this is normal.
This issue may have been present in earlier versions, however as the console is not connected to opnsense on a regular basis, only during upgrades, it would have been missed.
Also, the missing logs are a bit of a concern, though I am happy to be corrected if I have missed something.

Hi,

I have such an issue on 22.1.7_1.
Updated from version 21.7.8.

When suricata is activated, "link state changed to down/up" and "arpresolver: cannot allocate llinfo for xxx.xxx.xxx.xxx on em0" are constantly occurring, it's not a problem.
But the strangest thing: the router became unstable and the GUI inaccessible, because the computer is losing its wifi connection when intrusion detection is enabled.
Everything disappears when suricata is disabled.
Is it possible that IDS causes such problems?

Might be a driver issue with MAC spoofing as suggested by others.


Cheers,
Franco


Hi,

updated to 22.1.9 today, have Standard Intel I211 Interfaces in my Box, and have this issue still as well...

Would also be interested in how to get this solved???
Cheers,
Crissi