What Caused the Crash

NollipfSense

Twice now my Pfsense 2.4.3 crashed, once yesterday and this morning…syslog doesn't seems to be aware either!

Apr 11 08:43:58 pfSense suricata[58624]: [1:2200094:2] SURICATA zero length padN option [Classification: Generic Protocol Command Decode] [Priority: 3] {IPV6-ICMP} fe80:0000:0000:0000:6ead:f8ff:fe8f:2729:143 -> ff02:0000:0000:0000:0000:0000:0000:0016:0
Apr 11 08:45:12 pfSense syslogd: kernel boot file is /boot/kernel/kernel
Apr 11 08:45:12 pfSense kernel: Copyright 1992-2017 The FreeBSD Project.
Apr 11 08:45:12 pfSense kernel: Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994
Apr 11 08:45:12 pfSense kernel: The Regents of the University of California. All rights reserved.
Apr 11 08:45:12 pfSense kernel: FreeBSD is a registered trademark of The FreeBSD Foundation.
Apr 11 08:45:12 pfSense kernel: FreeBSD 11.1-RELEASE-p7 #10 r313908+986837ba7e9(RELENG_2_4): Mon Mar 26 18:08:25 CDT 2018

Between 8:43 and 8:45 what happened? It did it again 09:25:56 - 09:27:25

Apr 11 09:25:53 pfSense suricata[97974]: [1:2200007:2] SURICATA IPv4 padding required  [Classification: Generic Protocol Command Decode] [Priority: 3] {IGMP} 192.168.10.1:0 -> 224.0.1.178:0
Apr 11 09:25:53 pfSense suricata[97974]: [1:2200007:2] SURICATA IPv4 padding required  [Classification: Generic Protocol Command Decode] [Priority: 3] {IGMP} 192.168.0.10:0 -> 224.0.0.22:0
Apr 11 09:25:53 pfSense suricata[97974]: [1:2200007:2] SURICATA IPv4 padding required  [Classification: Generic Protocol Command Decode] [Priority: 3] {IGMP} 192.168.10.1:0 -> 224.0.0.22:0
Apr 11 09:25:56 pfSense suricata[97974]: [1:2200094:2] SURICATA zero length padN option [Classification: Generic Protocol Command Decode] [Priority: 3] {IPV6-ICMP} fe80:0000:0000:0000:0218:4dff:feff:ff07:143 -> ff02:0000:0000:0000:0000:0000:0000:0016:0
Apr 11 09:25:56 pfSense suricata[97974]: [1:2200094:2] SURICATA zero length padN option [Classification: Generic Protocol Command Decode] [Priority: 3] {IPV6-ICMP} fe80:0000:0000:0000:6ead:f8ff:fe8f:2729:143 -> ff02:0000:0000:0000:0000:0000:0000:0016:0
Apr 11 09:27:25 pfSense syslogd: kernel boot file is /boot/kernel/kernel
Apr 11 09:27:25 pfSense kernel: Copyright 1992-2017 The FreeBSD Project.
Apr 11 09:27:25 pfSense kernel: Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994
Apr 11 09:27:25 pfSense kernel: The Regents of the University of California. All rights reserved.
Apr 11 09:27:25 pfSense kernel: FreeBSD is a registered trademark of The FreeBSD Foundation.
Apr 11 09:27:25 pfSense kernel: FreeBSD 11.1-RELEASE-p7 #10 r313908+986837ba7e9(RELENG_2_4): Mon Mar 26 18:08:25 CDT 2018
Apr 11 09:27:25 pfSense kernel: root@buildbot2.netgate.com:/builder/ce-243/tmp/obj/builder/ce-243/tmp/FreeBSD-src/sys/pfSense amd64
Apr 11 09:27:25 pfSense kernel: FreeBSD clang version 5.0.1 (tags/RELEASE_501/final 320880) (based on LLVM 5.0.1)
Apr 11 09:27:25 pfSense kernel: VT(vga): resolution 640x480
Apr 11 09:27:25 pfSense kernel: CPU: AMD Athlon(tm) 64 X2 Dual Core Processor 6000+ (3114.43-MHz K8-class CPU)
Apr 11 09:27:25 pfSense kernel: Origin="AuthenticAMD"  Id=0x60fb2  Family=0xf  Model=0x6b  Stepping=2
Apr 11 09:27:25 pfSense kernel: Features=0x178bfbff <fpu,vme,de,pse,tsc,msr,pae,mce,cx8,apic,sep,mtrr,pge,mca,cmov,pat,pse36,clflush,mmx,fxsr,sse,sse2,htt>Apr 11 09:27:25 pfSense kernel: Features2=0x2001 <sse3,cx16>Apr 11 09:27:25 pfSense kernel: AMD Features=0xea500800 <syscall,nx,mmx+,ffxsr,rdtscp,lm,3dnow!+,3dnow!>Apr 11 09:27:25 pfSense kernel: AMD Features2=0x11f <lahf,cmp,svm,extapic,cr8,prefetch>Apr 11 09:27:25 pfSense kernel: SVM: NAsids=64
Apr 11 09:27:25 pfSense kernel: real memory  = 8589934592 (8192 MB)
Apr 11 09:27:25 pfSense kernel: avail memory = 8176082944 (7797 MB)
Apr 11 09:27:25 pfSense kernel: Event timer "LAPIC" quality 100
Apr 11 09:27:25 pfSense kernel: ACPI APIC Table: <nvidia nvdaacpi="">Apr 11 09:27:25 pfSense kernel: FreeBSD/SMP: Multiprocessor System Detected: 2 CPUs</nvidia></lahf,cmp,svm,extapic,cr8,prefetch></syscall,nx,mmx+,ffxsr,rdtscp,lm,3dnow!+,3dnow!></sse3,cx16></fpu,vme,de,pse,tsc,msr,pae,mce,cx8,apic,sep,mtrr,pge,mca,cmov,pat,pse36,clflush,mmx,fxsr,sse,sse2,htt>

NogBadTheBad

https://forum.pfsense.org/index.php?topic=124331.0

Maybe try switching off 1:2200094 and see if the issues go away.

NollipfSense

@NogBadTheBad:

https://forum.pfsense.org/index.php?topic=124331.0

Maybe try switching off 1:2200094 and see if the issues go away.

Thank you NogBadTheBad for responding…I switched off both 1:2200094 and 1:2200007 which were ICMP and IGMP as I was getting a lot (my neighbor and I share the Internet and those are their nosy devices). The reason for the crash is still unknown though.

It's very interesting that you posted a link to problems with Netmap despite I am running legacy mode as I would like inline mode. Learned today that lines such as this (Jan 21 20:33:58  kernel      438.215029 [1162] netmap_grab_packets bad pkt at 536 len 2331) that Suricata seems to be transmitting a packet (2331 bytes) to the "Host TX ring" which default size is 1500 bytes so it gets dropped.

NollipfSense

I finally found out what was causing the crash…seems my motherboard was dying, and today it went belly up!