Suricata & PPPoE Interfaces - Bug Reported to Openinfosecfoundation.org

bmeeks

@mauritsl:

Hi All,

Pfsense is saying–> New version 2.1.4 but still loads 2.06.

When can we expect the fixed PPPOE?

Thx all!

We are waiting for the FreeBSD port maintainer to update the Suricata port.  That was supposed to happen last week, but obviously did not.  The pfSense Team is making some other housekeeping changes to packages getting ready to move from PBIs to pkg-ng.  Those changes are likely what is prompting the "new" versions showing up.  They are not really "new".

Bill

mauritsl

Thx Bill for the fast response and work.

bmeeks

The Pull Request to post the updated Suricata code has been submitted.  Here is a link for those that want to track the progress:  https://github.com/pfsense/pfsense-packages/pull/875.  Once approved by the pfSense Team and merged, the update will appear as Suricata v2.1.5.  The underlying binary will be version 2.0.8, and it will support PPPoE connections on pfSense.

Bill

mauritsl

For the PPPOE it looks OK now, so I' am/we are one step in the right direction :)

14/5/2015 – 21:44:52 - <info>-- Running in 'auto' checksum mode. Detection of interface state will require 1000 packets.
14/5/2015 -- 21:44:52 - <info>-- Found an MTU of 1492 for 'pppoe0'
14/5/2015 -- 21:44:52 - <info>-- Set snaplen to 1508 for 'pppoe0'

Now I get he following:

14/5/2015 -- 21:44:52 - <error>-- [ERRCODE: SC_ERR_POOL_INIT(66)] - alloc error
14/5/2015 – 21:44:52 - <error>-- [ERRCODE: SC_ERR_POOL_INIT(66)] - pool grow failed

What can this mean?

Thx for all your support</error></error></info></info></info>

bmeeks

@mauritsl:

For the PPPOE it looks OK now, so I' am/we are one step in the right direction :)

14/5/2015 – 21:44:52 - <info>-- Running in 'auto' checksum mode. Detection of interface state will require 1000 packets.
14/5/2015 -- 21:44:52 - <info>-- Found an MTU of 1492 for 'pppoe0'
14/5/2015 -- 21:44:52 - <info>-- Set snaplen to 1508 for 'pppoe0'

Now I get he following:

14/5/2015 -- 21:44:52 - <error>-- [ERRCODE: SC_ERR_POOL_INIT(66)] - alloc error
14/5/2015 – 21:44:52 - <error>-- [ERRCODE: SC_ERR_POOL_INIT(66)] - pool grow failed

What can this mean?

Thx for all your support</error></error></info></info></info>

Don't know for sure, but offhand, based on the error code text, I would say it's some kind of memory allocation error.

Bill

dotOne

See https://forum.pfsense.org/index.php?topic=93926.msg521328#msg521328

Increasing the 'Stream Memory Cap' value or decreasing the number of Preallocated sessions will solve it.

André

theopg

I change the default 32mb stream memory cap to a little bit more and that’s resolved the problem.

mauritsl

Works perfect now had to put little over 64mb to make it work
Thx all for the fast responses. Have a nice weekend!

nikkon

where do you change this value on version 3.0_7 available on pfsense 2.3_1?

dotOne

Same place as it always was.

Interface -> <if>Flow/Stream

Subheader "Stream Engine Settings"

/AV</if>