Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    netmap_ring_reinit called for

    Scheduled Pinned Locked Moved General pfSense Questions
    4 Posts 2 Posters 848 Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • N
      newUser2pfSense
      last edited by newUser2pfSense

      2.4.5-RELEASE (amd64)
      suricata 5.0.2_2
      pfBlockerNG-devel 2.2.5_32
      openvpn-client-export 1.4.23
      nmap 1.4.4_1

      I noticed my WLAN was blocking my iPhone/iPad from getting to the App store, using the Weather app, displaying email inconsistencies, etc... I had seen this before when pfSense began to display on the console and in Status > System Logs > System > General the following messages:

      kernel 488.833167 [1766] netmap_ring_reinit called for igb0 TX8
      kernel 488.833182 [1660] nm_txsync_prologue igb0 TX8: fail 'cur < head || cur > kring->rtail' h 226 c 227 t 226 rh 226 rc 227 rt 226 hc 227 ht 226

      I'm not sure if what I'm seeing with my iPhone/iPad has anything to do with the above messages, but I had to restart pfSense for everything to work properly again. Would anyone happen to know what may be causing the above messages and how to correct it? Any suggestions would be helpful. Thank you.

      1 Reply Last reply Reply Quote 0
      • bmeeksB
        bmeeks
        last edited by

        Your NIC is not behaving well with the netmap kernel device used by Suricata when you enable Inline IPS Mode. Switch to Legacy Mode blocking and those netmap messages will disappear.

        However, that particular error is not necessarily why you can't reach certain web destinations. If you do not fully understand the ramifications of the various Suricata rules you select and enable, or if you do not fully understand the potential ramifications of all the IP address block lists you enable in pfBlockerNG-devel, then seeminly random blocks will happen and they could be from either package (Suricata or pfBlockerNG-devel).

        Go examine the alert logs for both Suricata and pfBlockerNG-devel and see if either of them blocked an IP address one of your iOS devices tried to contact.

        1 Reply Last reply Reply Quote 0
        • N
          newUser2pfSense
          last edited by newUser2pfSense

          I remember there were system tunables for netmap_grab_packets errors for Suricata Inline IPS mode. I copied that info down and I created those tunables for my interfaces. There were also <shellcomd> lines that needed to be copied and saved to the /cf/conf/config.xml file. I checked this file and the area that those lines needed to be copied and saved to doesn't appear to exist any longer.

          The System Tunables I added, X being the igb interface number:
          dev.igb.X.fc [disable flow control]
          dev.igb.X.eee_disabled [disable energy efficient ethernet]

          I've been watching the Suricata and pfBlockerNG-devel logs and nothing stood out except what I found in the System log file. Hopefully the system tunables will help.

          N 1 Reply Last reply Reply Quote 0
          • N
            newUser2pfSense @newUser2pfSense
            last edited by newUser2pfSense

            Update...

            I upgraded pfSense and Suricata to:
            pfSense 2.5.0-RELEASE (amd64)
            FreeBSD 12.2-STABLE
            Suricata 6.0.0_9

            Interestingly, I'm still receiving the entries in the system logs as my initial post, however, not to the degree that I was receiving them when I first posted the issue.

            I find that this is only occurring on my wireless LAN segment where a lot of streaming is occurring; Hulu, YouTube, etc.

            I had hoped that the pfSense and Suricata updates would have resolved the issue. Hmmm.

            1 Reply Last reply Reply Quote 0
            • First post
              Last post
            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.