Potential Suricata Inline Netmap Solution
(681.325066  netmap_grab_packets bad pkt at 975 len 2163) What I understand from that line is a packet of 2163 bytes was dropped because the default is dev.netmap.buf_size:2048 bytes. So, I increased the size, which made it work smoothly; however, if I reboot the Pfsense machine, I noticed that dev.netmap.buf_size:2048 returns.
So, how to make that increase permanent? I was even thinking of 6144 bytes buffer size since I have 8GB RAM.
![Screen Shot 2018-04-12 at 9.00.07 PM.png](/public/imported_attachments/1/Screen Shot 2018-04-12 at 9.00.07 PM.png)
![Screen Shot 2018-04-12 at 9.00.07 PM.png_thumb](/public/imported_attachments/1/Screen Shot 2018-04-12 at 9.00.07 PM.png_thumb)
teamits last edited by
Will it work to add it on the System/Advanced/System Tunables page?
If not, a while back I had to edit something from Diagnostics/Edit File to fix a boot issue in a VM (long story and not relevant anymore).
Well, it seems that one can use the sysctl.conf to make it permanently per here: https://www.freebsd.org/doc/handbook/configtuning-sysctl.html
However, I was cautioned by one of the persons responsible for Netmap that large packet is a weird behavior and that I should contact Suricata folks. I did share with what was said here: https://forum.pfsense.org/index.php?topic=124331.0
So, I’ll stick with the buffer size 4096 bytes in the meanwhile.
Just updating the thread that the buffer size of 4096bytes is working flawlessly so far. Hopefully, this week I’ll find some time to stream a movie while simultaneously surf Flickr to further testing.
Well, yesterday I got one for the first time in two weeks running dev.netmap.buf_size:4096 and while loading a dot io web page.
Apr 23 12:47:31 kernel 651.457157  netmap_grab_packets bad pkt at 779 len 3770
So, I sent the info to the person on the developer team that I have been communicating with to get feedback.
Okay, to follow up, I haven’t got any kernel alert in awhile; however, what I understand is, it actually seems to be a Suricata issue as this happens in the context of a system call issued by the suricata process (pid 1071).
derpy456789 last edited by
Just wondering what kind of system/specs are you running suricata inline on and also did you change any setting inside the interface setting of suricata like the Detection engine settings for max pending packets ?
Ive been getting the same error
netmap_grab_packets bad pkt