4. Potential Suricata Inline Netmap Solution

Potential Suricata Inline Netmap Solution


  • (681.325066 [1071] netmap_grab_packets      bad pkt at 975 len 2163) What I understand from that line is a packet of 2163 bytes was dropped because the default is dev.netmap.buf_size:2048 bytes. So, I increased the size, which made it work smoothly; however, if I reboot the Pfsense machine, I noticed that dev.netmap.buf_size:2048 returns.

    So, how to make that increase permanent? I was even thinking of 6144 bytes buffer size since I have 8GB RAM.
    ![Screen Shot 2018-04-12 at 9.00.07 PM.png](/public/imported_attachments/1/Screen Shot 2018-04-12 at 9.00.07 PM.png)
    ![Screen Shot 2018-04-12 at 9.00.07 PM.png_thumb](/public/imported_attachments/1/Screen Shot 2018-04-12 at 9.00.07 PM.png_thumb)

    0
  • T

    Will it work to add it on the System/Advanced/System Tunables page?

    If not, a while back I had to edit something from Diagnostics/Edit File to fix a boot issue in a VM (long story and not relevant anymore).

    0

  • Well, it seems that one can use the sysctl.conf to make it permanently per here: https://www.freebsd.org/doc/handbook/configtuning-sysctl.html

    However, I was cautioned by one of the persons responsible for Netmap that large packet is a weird behavior and that I should contact Suricata folks. I did share with what was said here: https://forum.pfsense.org/index.php?topic=124331.0
    So, I'll stick with the buffer size 4096 bytes in the meanwhile.

    0

  • Just updating the thread that the buffer size of 4096bytes is working flawlessly so far. Hopefully, this week I'll find some time to stream a movie while simultaneously surf Flickr to further testing.

    0

  • Well, yesterday I got one for the first time in two weeks running dev.netmap.buf_size:4096 and while loading a dot io web page.

    Apr 23 12:47:31 kernel 651.457157 [1071] netmap_grab_packets bad pkt at 779 len 3770

    So, I sent the info to the person on the developer team that I have been communicating with to get feedback.

    0

  • Okay, to follow up, I haven't got any kernel alert in awhile; however, what I understand is, it actually seems to be a Suricata issue as this happens in the context of a system call issued by the suricata process (pid 1071).

    0
  • D

    Hello NollipfSense,

    Just wondering what kind of system/specs are you running suricata inline on and also did you change any setting inside the interface setting of suricata like the Detection engine settings for max pending packets ?

    Ive been getting the same error

    netmap_grab_packets bad pkt

    Thanks

    0 1 Reply

  • @derpy456789 said in Potential Suricata Inline Netmap Solution:

    Hello NollipfSense,

    Just wondering what kind of system/specs are you running suricata inline on and also did you change any setting inside the interface setting of suricata like the Detection engine settings for max pending packets ?

    Ive been getting the same error

    netmap_grab_packets bad pkt

    Thanks

    Sorry for the late reply...I am running an HP Pavillion a6242n with Intel 82575 NIC 8GB RAM.

    0
 

Products

Applications

Support

Services

News

Resources

Company

Our Mission

As host of the pfSense open source firewall project, Netgate believes in enhancing network connectivity that maintains both security and privacy. We also believe everyone should be able to afford it.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2018 Rubicon Communications, LLC | Privacy Policy