Potential Suricata Inline Netmap Solution
-
(681.325066 [1071] netmap_grab_packets bad pkt at 975 len 2163)
What I understand from that line is that a packet of 2163 bytes was dropped because the default is dev.netmap.buf_size:2048 bytes. So, I increased the size, which made it work smoothly; however, if I reboot the pfSense machine, I noticed that dev.netmap.buf_size:2048 returns.
So, how do I make that increase permanent? I was even thinking of a 6144-byte buffer size since I have 8GB RAM.
![Screen Shot 2018-04-12 at 9.00.07 PM.png](/public/imported_attachments/1/Screen Shot 2018-04-12 at 9.00.07 PM.png)
-
Will it work to add it on the System/Advanced/System Tunables page?
If not, a while back I had to edit something from Diagnostics/Edit File to fix a boot issue in a VM (long story and not relevant anymore).
-
Well, it seems that one can use sysctl.conf to make it permanent, per here: https://www.freebsd.org/doc/handbook/configtuning-sysctl.html
However, I was cautioned by one of the persons responsible for Netmap that a large packet is weird behavior and that I should contact the Suricata folks. I did share what was said here: https://forum.pfsense.org/index.php?topic=124331.0
So, I'll stick with the buffer size of 4096 bytes in the meantime.
-
Just updating the thread that the buffer size of 4096 bytes is working flawlessly so far. Hopefully, this week I'll find some time to stream a movie while simultaneously surfing Flickr for further testing.
-
Well, yesterday I got one for the first time in two weeks running dev.netmap.buf_size:4096 and while loading a dot io web page.
Apr 23 12:47:31 kernel 651.457157 [1071] netmap_grab_packets bad pkt at 779 len 3770
So, I sent the info to the person on the developer team that I have been communicating with to get feedback.
-
Okay, to follow up, I haven't got any kernel alert in a while; however, what I understand is, it actually seems to be a Suricata issue as this happens in the context of a system call issued by the suricata process (pid 1071).
-
Hello NollipfSense,
Just wondering what kind of system/specs you are running Suricata inline on, and also did you change any setting inside the interface settings of Suricata, like the Detection engine setting for max pending packets?
I've been getting the same error
netmap_grab_packets bad pkt
Thanks
-
@derpy456789 said in Potential Suricata Inline Netmap Solution:
> Hello NollipfSense,
> Just wondering what kind of system/specs you are running Suricata inline on, and also did you change any setting inside the interface settings of Suricata, like the Detection engine setting for max pending packets?
> I've been getting the same error
> netmap_grab_packets bad pkt
> Thanks

Sorry for the late reply... I am running an HP Pavilion a6242n with Intel 82575 NIC, 8GB RAM.
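
Added example, not part of any post in this thread: a small Python parser for the `netmap_grab_packets bad pkt` kernel messages quoted above, which compares each reported `len` with a chosen `dev.netmap.buf_size`, following the thread's reading that a packet is reported when it is larger than the buffer. The function names and the third sample line are assumptions made for the example.

```python
import re

# Kernel message format as quoted in the thread; the syslog prefix
# ("Apr 23 12:47:31 kernel ") is optional because search() is unanchored.
BAD_PKT = re.compile(
    r"(?P<ts>\d+\.\d+)\s+\[\s*\d+\]\s+netmap_grab_packets\s+"
    r"bad pkt at (?P<slot>\d+) len (?P<len>\d+)"
)

def parse_bad_pkts(lines):
    """Return one dict per 'bad pkt' message found in the given log lines."""
    events = []
    for line in lines:
        m = BAD_PKT.search(line)
        if m:
            events.append({"ts": m["ts"], "slot": int(m["slot"]),
                           "len": int(m["len"])})
    return events

def assess(events, buf_size):
    """Compare reported lengths with a dev.netmap.buf_size value (bytes)."""
    return {
        # Longer than the buffer: consistent with the thread's explanation.
        "oversize": [e for e in events if e["len"] > buf_size],
        # Fits in the buffer: buffer size alone does not account for these.
        "within": [e for e in events if e["len"] <= buf_size],
        "max_len": max((e["len"] for e in events), default=0),
    }

# The first two lines are the messages quoted in the thread; the third is a
# constructed, unrelated line showing that non-matching input is skipped.
SAMPLE_LOG = [
    "681.325066 [1071] netmap_grab_packets bad pkt at 975 len 2163",
    "Apr 23 12:47:31 kernel 651.457157 [1071] netmap_grab_packets bad pkt at 779 len 3770",
    "Apr 23 12:48:02 kernel em0: link state changed to UP",
]

if __name__ == "__main__":
    events = parse_bad_pkts(SAMPLE_LOG)
    for size in (2048, 4096):
        r = assess(events, size)
        print(f"buf_size={size}: {len(r['oversize'])} oversize, "
              f"{len(r['within'])} within, max len {r['max_len']}")
```

With 4096, the 3770-byte message lands in `within`, so it is worth confirming the running value with `sysctl dev.netmap.buf_size` before raising the buffer further.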