Upgrade to pFsense 2.5.0 - issue with Suricata
-
First of all, thanks for the great work, more or less everything works straight out of the box, and I've updated Suricata afterwards.
I've started noticing that LAN graphs were flat, but all others working fine. Not such a worry.
When starting throwing in some bandwidth, I've lost connectivity. Reboot.
I have then wanted to stop Suricata.... 3 times pFsense has been in an interesting state. Still able to access it via OpenVPN but no Internet connectivity. Then got back to this LAN graph missing, which is the interface where IDS was running.
The only way till now to solve the issue was to remove Suricata 6.X
-
I can confirm that I see the same behaviour. I also noticed that if I restart the suricata service the graph shows traffic flowing for about 90s before it goes flat. The suricata log shows that suricata is working as expected, it is just a problem in the display (traffic graphs & monitor).
I have not noticed any instabilities with increased traffic load, pfSense 2.5 is rock solid for me
-
This is likely from a known bug in the FreeBSD iflib wrapper library that is new for FreeBSD 12.x. When an interface is in netmap mode, some internal packet counters are not getting incremented by the kernel and thus the traffic graph shows zero traffic. No fix for this until FreeBSD updates the iflib wrapper and that update makes it into pfSense.
-
I've reinstalled Suricata, allows the settings to be removed with package uninstall, and reinstall it.
Running it for a few hours, it seems to work correctly, including graphs.