Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Suricata / Netmap Crashing on High Traffic Stable 2.4.5 Broken 2.5.1

    Scheduled Pinned Locked Moved General pfSense Questions
    2 Posts 2 Posters 354 Views 2 Watching
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • V Offline
      ViciousXUSMC
      last edited by ViciousXUSMC

      System:
      Dell R210ii
      Xeon E3-1230 V2 and 8GB of RAM
      NIC IGB Intel 4 Port in PCI Slot used, and on board BCE Broadcom NIC not used.
      Already check HDD, RAM and System Temps to ensure that is not the issue.
      Setup was stable on 2.4.5 and only broke after the recent update to 2.5.1

      Issues are most definitely based around Netmap and Suricata running in in-line mode.
      ISP Service is 500/500mbps

      Something like a speedtest wont crash the box, but will generate some errors. Something like Steam or Origin crashes the box almost immediately.
      LAN Interface goes down, does not recover until reboot.

      The Error seems to be surrounding "netmap_ring_reinit" I have some tunables for my Intel adapter and issues surrounding this. But as of now I do not have this stable, hoping there is a fix short of rolling back to 2.4.5

      Tunables:
dev.igb.X.eee_disabled=1
dev.igb.X.fc=0
dev.netmap.buf_size=8192
dev.igb.X.eee_control=0
kern.ipc.maxsockbuf=4262144

      I think that is the only ones I have entered not already populated by the system as defaults.

      I have all hardware offloading disabled per all the reading I have done even though I think the intel card supports many of them. With more than enough RAM, CPU, Etc I didn't mind the losses of speed for the sake of stability.

      Already checked temps, RAM, etc, the system is fine.

      Crash after opening Steam
      Crash 1.PNG

      crash2.PNG

      crash2-2.PNG

      Changed Netmap to Emulated Mode using dev.netmap.admode=2 still crashed but looked different and my uploads went to garbage.

      crash3 emulated mode.PNG

      And last here is running a speedtest, errors but did not crash. When its in a crash state these move so fast you cant see anything. I am also not sure if there is any recovery short of a reboot.

      Crash 4 running speed test.PNG

      Bonus: As I am messing with this, if I make a System Tunable change that crashes the LAN interface and the Web Interface, I still have console access via the iDRAC, is there a way from the Shell to un-do a tunable change? I am assuming there is a simple config file in the file system I can modify?

      S 1 Reply Last reply Reply Quote 0
      • S Offline
        SteveITS Rebel Alliance @ViciousXUSMC
        last edited by

        @viciousxusmc said in Suricata / Netmap Crashing on High Traffic Stable 2.4.5 Broken 2.5.1:

        Netmap and Suricata running in in-line mode

        See various posts from bmeeks about this on 2.5.x/FreeBSD 12, e.g. https://forum.netgate.com/topic/163853/snort-and-internet-speed-problem/9. It sounds like inline may be more problematic on 12.

        Only install packages for your version, or risk breaking it. Select your branch in System/Update/Update Settings.
        When upgrading, allow 10-15 minutes to reboot, or more depending on packages, and device or disk speed.
        Upvote 👍 helpful posts!

        1 Reply Last reply Reply Quote 0
        • First post
          Last post
        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.