SNORT - Broadcom BNXT
-
Hello,
We have pfSense installed on a Dell server equipped with Broadcom "bnxt" network cards. While setting up Snort, we encountered an issue on a VLAN interface configured on a bnxt5 card.
When we enable Snort's inline mode on the parent interface (bnxt5), the entire network served by this interface becomes inaccessible, generating the following errors:
"kernel bnxt5: Attempt to re-allocate l2 ctx filter (fid: 0x12d00000003fc04)"
"HWRM_CFA_L2_SET_RX_MASK command returned RESOURCE_ALLOC_ERROR error."
"set_multi: rx_mask set failed"
"demoted by 0 to 0 (send error 50 on bnxt5.500)"
We are unable to restore the interface's functionality. We have read that the driver for this card may cause issues with FreeBSD. What suggestions do you have for resolving this issue?
Thank you in advance for your help.
-
You have two issues. First, Inline IPS Mode does not support VLANs. It must be run on the physical parent interface only. Second, it appears that particular NIC chipset is not playing well with FreeBSD.
If you must run Snort instances on VLANs, then you must switch to Legacy Mode Blocking. Note that still may not fix your NIC driver issue in FreeBSD.
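As an added example (not from the thread or from pfSense/Snort): a small Python triage helper that recognises the kernel messages quoted in the question inside a dmesg/syslog export and flags the combination described there, an RX-mask programming failure on the bnxt parent together with send errors on its VLAN child, so an operator can catch the condition right after enabling inline mode instead of discovering it when the network drops. The message patterns are taken from the post; the sample log is constructed.

```python
import re
from dataclasses import dataclass, field

# Constructed sample built from the lines quoted in the post (not a real capture).
SAMPLE_LOG = """\
kernel bnxt5: Attempt to re-allocate l2 ctx filter (fid: 0x12d00000003fc04)
HWRM_CFA_L2_SET_RX_MASK command returned RESOURCE_ALLOC_ERROR error.
set_multi: rx_mask set failed
demoted by 0 to 0 (send error 50 on bnxt5.500)
"""

# One regex per message shape seen in the post; named groups pull out the details worth alerting on.
PATTERNS = {
    "l2_filter_realloc": re.compile(
        r"kernel (?P<iface>bnxt\d+): Attempt to re-allocate l2 ctx filter \(fid: (?P<fid>0x[0-9a-f]+)\)"),
    "hwrm_rx_mask_error": re.compile(
        r"(?P<cmd>HWRM_CFA_L2_SET_RX_MASK) command returned (?P<err>\w+) error"),
    "rx_mask_set_failed": re.compile(r"set_multi: rx_mask set failed"),
    "vlan_send_error": re.compile(
        r"send error (?P<errno>\d+) on (?P<iface>bnxt\d+)\.(?P<vlan>\d+)"),
}

@dataclass
class BnxtTriage:
    parent_ifaces: set = field(default_factory=set)   # physical bnxt interfaces mentioned
    vlans: set = field(default_factory=set)           # VLAN children reporting send errors
    events: list = field(default_factory=list)        # one dict per matched line, in log order

    @property
    def rx_path_broken(self):
        # The symptom from the post: the NIC refused the RX mask AND a VLAN child cannot send.
        kinds = {e["kind"] for e in self.events}
        return "hwrm_rx_mask_error" in kinds and "vlan_send_error" in kinds

def triage(log_text):
    """Scan log text line by line and collect bnxt filter / RX-mask failures."""
    result = BnxtTriage()
    for line in log_text.splitlines():
        for kind, pattern in PATTERNS.items():
            match = pattern.search(line)
            if not match:
                continue
            event = {"kind": kind, **match.groupdict()}
            result.events.append(event)
            if "iface" in event:
                result.parent_ifaces.add(event["iface"])
            if "vlan" in event:
                result.vlans.add(f"{event['iface']}.{event['vlan']}")
    return result
```

Feed it `dmesg` output or the pfSense system log export; a true `rx_path_broken` is the signal to revert the Snort interface change before the outage spreads.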
-
@bmeeks Hello, that's exactly what I did. I ran Snort on the parent interface and not on the VLAN. However, as you suggested, there must be an issue with the Broadcom network card drivers.