• Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login
Netgate Discussion Forum
  • Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login

Suricata netmap_transmit error

Scheduled Pinned Locked Moved IDS/IPS
2 Posts 2 Posters 663 Views
Loading More Posts
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • H
    HackedComputer
    last edited by Feb 12, 2018, 3:37 PM Feb 12, 2018, 3:34 PM

    Hey,

    I have been running pfSense+Snort within ESXi without a hiccup an Intel NIC is passed through directly via VT-d. Recently, I decided to give Suricata another go. I cloned the current setup, and deployed it under a different name. I removed Snort and installed Suricata. Spent the next few days configuring it in IPS Inline mode utilising Hyperscan. It has been running flawless for the past few weeks.

    My network setup as follows:

    Three VLANs:
    Management
    Secure Line (oVPN)
    VM (Unused)

    Three Physical:
    Untagged LAN
    WiFi
    WAN

    Suricata Listening on:
    WAN
    LAN
    WIFI

    The issue I am currently facing is that yesturday, I was unable to obtain a DHCP lease from Management, nor Secure Line. I gave the box a reset and had brief access. However, the console was found to be full of the following errors:

    If I set a Static IP on the management vlan, I am able to communicate with the ESXi interface, and other hosts. However, I am unable to communicate with pfSense interface.

    So far, I have been able to remotely dial in and access the interface. I found that if I disabled suricata on the LAN interface, things would return back to normal… So at this current time I have suricata only listening to the WAN interface, while the LAN and WiFi interface remain disabled.

    Anyone have any pointers as to what has caused these issues to start, and how do I go about rectifying it?

    Kindest Regards
    HC

    1 Reply Last reply Reply Quote 0
    • N
      NollipfSense
      last edited by Mar 5, 2018, 7:09 PM Mar 3, 2018, 8:03 PM

      It actually has nothing to do with Suricata and more to do with FreeBSD kernel and the NIC driver. I just recently experience the same issue and have submitted a bug report to FreeBSD…see here. https://forum.pfsense.org/index.php?topic=144538.0

      After researching, it seems that the dual Intel NIC is not natively supported per here: https://www.unix.com/man-page/freebsd/4/netmap/

      pfSense+ 23.09 Lenovo Thinkcentre M93P SFF Quadcore i7 dual Raid-ZFS 128GB-SSD 32GB-RAM PCI-Intel i350-t4 NIC, -Intel QAT 8950.
      pfSense+ 23.09 VM-Proxmox, Dell Precision Xeon-W2155 Nvme 500GB-ZFS 128GB-RAM PCIe-Intel i350-t4, Intel QAT-8950, P-cloud.

      1 Reply Last reply Reply Quote 0
      • First post
        Last post
      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.
        This community forum collects and processes your personal information.
        consent.not_received