Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Pfsense crash after package update ...

    Scheduled Pinned Locked Moved General pfSense Questions
    6 Posts 2 Posters 805 Views 2 Watching
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • M Offline
      maba
      last edited by maba

      My virtualized pfsense is no longer stable after updating packages.
      I see this in the console :

      vmx0 TX0: fail 'head > kring->rtail && head < kring->rhead' h 378 c 378 t 350 rh 379 rc 379 rt 350 hc 379 ht 350
      617.404235 [1766] netmap_ring_reinit called for vmx0 TX0

      Crash report begins. Anonymous machine information:

      amd64
      11.3-STABLE
      FreeBSD 11.3-STABLE #243 abf8cba50ce(RELENG_2_4_5): Tue Jun 2 17:53:37 EDT 2020 root@buildbot1-nyi.netgate.com:/build/ce-crossbuild-245/obj/amd64/YNx4Qq3j/build/ce-crossbuild-245/sources/FreeBSD-src/sys/pfSense

      Crash report details:

      No PHP errors found.

      Filename: /var/crash/info.0 textdump.tar.0
      Dump header from device: /dev/gptid/3612226b-10fe-11e8-9ca2-000c29b82252
      Architecture: amd64
      Architecture Version: 1
      Dump Length: 96256
      Blocksize: 512
      Dumptime: Tue Aug 25 02:01:25 2020
      Hostname: XXXX
      Magic: FreeBSD Text Dump
      Version String: FreeBSD 11.3-STABLE #243 abf8cba50ce(RELENG_2_4_5): Tue Jun 2 17:53:37 EDT 2020
      root@buildbot1-nyi.netgate.com:/build/ce-crossbuild-245/obj/amd64/YNx4Qq3j/build/ce-crossbuild-245/source
      Panic String: general protection fault
      Dump Parity: 4031454225
      Bounds: 0
      Dump Status: good

      Filename: /var/crash/info.1.0 textdump.tar.1.0
      Dump header from device: /dev/gptid/3612226b-10fe-11e8-9ca2-000c29b82252
      Architecture: amd64
      Architecture Version: 1
      Dump Length: 123904
      Blocksize: 512
      Dumptime: Tue Aug 25 03:34:54 2020
      Hostname: XXX
      Magic: FreeBSD Text Dump
      Version String: FreeBSD 11.3-STABLE #243 abf8cba50ce(RELENG_2_4_5): Tue Jun 2 17:53:37 EDT 2020
      root@buildbot1-nyi.netgate.com:/build/ce-crossbuild-245/obj/amd64/YNx4Qq3j/build/ce-crossbuild-245/source
      Panic String: general protection fault
      Dump Parity: 2615745553
      Bounds: 1
      Dump Status: good

      Any thoughts before trying restoring snapshot ?

      [1_1598367588690_info.0](Uploading 100%) [0_1598367588688_info.1](Uploading 100%)

      1 Reply Last reply Reply Quote 0
      • M Offline
        maba
        last edited by

        i use suricata and inline mode blocking since june ... so far so good so why now it is crashing ? i think crash come from it. inline mode is not compatible with esxi and vmx driver ?

        the line i see in log seems to be suricata related when i stop service ... no line anymore ...

        I used snort until now ... but you remove barnyard fonctionnality ... so i switch to suricata AND HAVE STOP UPDATING IT (i have the last version with barnyard) ...

        it's very not easy to switch to other log monitoring solution (barnyard and snorby is sooo easy to deploy with docker and need very few ressources ....

        a docker with at least elasticsearch nodes / and some sort of grafana need soooo much ram ... and seem less easy to understand and deploy ...

        So for now i have switch to suricate LEGACY block mode and see if crash stops ...

        LONG LIVE BARNYARD !!!!! (and if you have easy solution to replace TELL ME HOW !!! ;)))

        have nice days people !

        1 Reply Last reply Reply Quote 0
        • bmeeksB Offline
          bmeeks
          last edited by bmeeks

          Barnyard2 is dead, so you really need to start looking for an alternative. It will no longer be in any of the IDS/IPS packages available for pfSense. In fact, Suricata upstream has totally removed Unified2 file support needed by Barnyard effective with version 6 which will be out in about a month or so.

          If you are trying to use the old version of the Suricata package with the latest pfSense update (2.4.5_p1), then you are going to have some issues. Switching to Legacy Mode Blocking will help with the netmap device incompatibility, but you may run into other stability problems due to the older shared libraries pulled in with the older Suricata package.

          The older Suricata binary also contained a netmap code bug that was fixed by Suricata upstream. By using the older Suricata binary in the older pfSense package, you very well may be encountering that Netmap bug and subsequent crash.

          1 Reply Last reply Reply Quote 0
          • M Offline
            maba
            last edited by

            Thanks for your answer bmeeks ;) Switching to legacy mode seem to have fixed the crashes .

            Please tell me what are the alternative to have "the same thing" , to point me to the right direction ...

            the only way i see is to use packet traffik / graphdb or elasticsearch and a third content displayer like grafana ??? IT'S SUPER HEAVY TO DEPLOY and need third grade in IT management !!

            and worst , it need a lot of RAM (maybe ... 3 Go ???) ... a docker with snorby and a database it's 300 Mo RAM (for home use) ....

            rhhaaaa ... sun is shining, it's summer ! ... don't wan't to pass 15 hours to deploy that ... please tell me there is another easy solution to do the same thing ;)

            have nice days !

            bmeeksB 1 Reply Last reply Reply Quote 0
            • bmeeksB Offline
              bmeeks @maba
              last edited by

              @maba said in Pfsense crash after package update ...:

              Thanks for your answer bmeeks ;) Switching to legacy mode seem to have fixed the crashes .

              Please tell me what are the alternative to have "the same thing" , to point me to the right direction ...

              the only way i see is to use packet traffik / graphdb or elasticsearch and a third content displayer like grafana ??? IT'S SUPER HEAVY TO DEPLOY and need third grade in IT management !!

              and worst , it need a lot of RAM (maybe ... 3 Go ???) ... a docker with snorby and a database it's 300 Mo RAM (for home use) ....

              rhhaaaa ... sun is shining, it's summer ! ... don't wan't to pass 15 hours to deploy that ... please tell me there is another easy solution to do the same thing ;)

              have nice days !

              Is Snorby still being actively maintained? I took a quick look at the Github site and all the changes seemed to be several years old. I once ran Snorby as well, but Barnyard2 and MySQL frequently misbehaved and pegged my firewall at 100% CPU. I also nearly always had issues trying to update Snorby through the very frustrating Ruby on Rails architecture. Not now, and never have been, a fan of Ruby ... 😞.

              The most common tools I've seen and heard about from users are Grafana and ELK (in various forms). The two most popular methods for exporting logs from pfSense to the database and monitoring platform are logstash and filebeats.

              pfSense user @kiokoman posted details about his Grafana setup in this thread.

              1 Reply Last reply Reply Quote 0
              • M Offline
                maba
                last edited by

                snorby is old and abandonned ... it's nearly impossible to install on last debian with the ruby crap (dependency problems) ...

                But docker save the day ! it can install old crapy library on last version of server ;)) with docker, snorby is easy to install AND you can remove old ruby crap in one click if not needed anymore ;)

                Ok i will go with the ELK thing ... i will learn something at least ...

                thanks for your link ;) i will look ;) have nice days ;))

                1 Reply Last reply Reply Quote 0
                • First post
                  Last post
                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.