IPS mode freezing OPNsense

Started by morphxyz, December 09, 2023, 03:37:01 PM

I have Suricata enabled. I get the Alerts and everything works as expected.

As soon as I turn on IPS mode, the complete OPNsense machine freezes.
Has anyone experienced that before? What was your solution?

Hardware CRC, TSO and LRO disabled. No VLAN hardware filtering.

I have tried different Pattern matchers and promiscuous mode.

I tried to delete custom tunables as well:
net.isr.maxthreads=-1
net.isr.dispatch=deferred
net.isr.bindthreads=1

with no luck.
Ryzen 7700 with a bnxt card and driver.

I wonder if it has anything to do with the driver.. I load it with a tunable "if_bnxt_load=YES".

I see no errors in the log files in the frontend. Guess the logging freezes too.

I can mount the ZFS pool and edit the config.xml file to disable IPS mode and everything works as expected, again! But I'd really like to use Suricata in IPS mode, obviously so..

Any help or ideas appreciated!

January 16, 2024, 06:01:25 PM #1 Last Edit: January 27, 2024, 10:26:52 PM by JL
Don't try tuning network cards.


Unless somehow the driver is very broken and the system deadlocks, there should be output in /var/log for causing the freeze.

Did you try inserting a different network card?

bnxtload suggests this is a server network card with multiple NICs?

Since you mention the ZFS pool, is this by any chance OPNsense running in a VM?