netmap_ring_reinit called for
-
2.4.5-RELEASE (amd64)
suricata 5.0.2_2
pfBlockerNG-devel 2.2.5_32
openvpn-client-export 1.4.23
nmap 1.4.4_1I noticed my WLAN was blocking my iPhone/iPad from getting to the App store, using the Weather app, displaying email inconsistencies, etc... I had seen this before when pfSense began to display on the console and in Status > System Logs > System > General the following messages:
kernel 488.833167 [1766] netmap_ring_reinit called for igb0 TX8
kernel 488.833182 [1660] nm_txsync_prologue igb0 TX8: fail 'cur < head || cur > kring->rtail' h 226 c 227 t 226 rh 226 rc 227 rt 226 hc 227 ht 226I'm not sure if what I'm seeing with my iPhone/iPad has anything to do with the above messages, but I had to restart pfSense for everything to work properly again. Would anyone happen to know what may be causing the above messages and how to correct it? Any suggestions would be helpful. Thank you.
-
Your NIC is not behaving well with the
netmapkernel device used by Suricata when you enable Inline IPS Mode. Switch to Legacy Mode blocking and thosenetmapmessages will disappear.However, that particular error is not necessarily why you can't reach certain web destinations. If you do not fully understand the ramifications of the various Suricata rules you select and enable, or if you do not fully understand the potential ramifications of all the IP address block lists you enable in pfBlockerNG-devel, then seeminly random blocks will happen and they could be from either package (Suricata or pfBlockerNG-devel).
Go examine the alert logs for both Suricata and pfBlockerNG-devel and see if either of them blocked an IP address one of your iOS devices tried to contact.
-
I remember there were system tunables for netmap_grab_packets errors for Suricata Inline IPS mode. I copied that info down and I created those tunables for my interfaces. There were also <shellcomd> lines that needed to be copied and saved to the /cf/conf/config.xml file. I checked this file and the area that those lines needed to be copied and saved to doesn't appear to exist any longer.
The System Tunables I added, X being the igb interface number:
dev.igb.X.fc [disable flow control]
dev.igb.X.eee_disabled [disable energy efficient ethernet]I've been watching the Suricata and pfBlockerNG-devel logs and nothing stood out except what I found in the System log file. Hopefully the system tunables will help.
-
Update...
I upgraded pfSense and Suricata to:
pfSense 2.5.0-RELEASE (amd64)
FreeBSD 12.2-STABLE
Suricata 6.0.0_9Interestingly, I'm still receiving the entries in the system logs as my initial post, however, not to the degree that I was receiving them when I first posted the issue.
I find that this is only occurring on my wireless LAN segment where a lot of streaming is occurring; Hulu, YouTube, etc.
I had hoped that the pfSense and Suricata updates would have resolved the issue. Hmmm.
