Suricata & netmap errors

ivve

Hi,

I just wanted to share my solution to a rather critical error I encountered.
Long story short, using 2.3.x or 2.4.x with suricata inline mode i got a "netmap_transmit <nic>full hwcur 51 hwtail 198 qlen 364 len…." error.
This caused my WAN interface to die off, seems like there was some vlan problem.. but always related to the error above and it appeared when inline mode was enabled.
I had a hard time to reproduce it but it would happen every 1-2 days or when someone connected to the openvpn (but not always).
One of the hardwares is a vmware guest using the e1000 nic or vmxnet3 (em0). The other is a rather old zotac internal mATX nic (re0).

Anyways, the solution was to force the netmap to the emulated mode: dev.netmap.admode 2
As it can be read about in the netmap manual for freebsd.
This setting can be enabled by simply entering the string & value under System > Advanced > System Tunables.

I posted it under reddit as well, although a shorter version: https://www.reddit.com/r/PFSENSE/comments/75vamu/suricata_inline_mode_netmap/

Another person solved it for his hardware with another tunable, but that is probably not applicable to any network card.</nic>

antilog

This seemed to work for my SG-2220 at first, but pfSense wouldn't stay online for very long before rebooting.

JasonAU

It would be interesting to keep a forum sticky as to what hardware this works for people on, I have the Intel i211AT on the pcengines APUC4