opnsense / ports

OPNsense ports on top of FreeBSD
https://opnsense.org/

Suricata 6.0.4 killing WAN internet connection #136

Closed patan32 closed 2 years ago

patan32 commented 2 years ago

Describe the bug

After updating OPNsense to version OPNsense 21.7.6-amd64, enabling Suricata version 6.0.4 stops my internet connectivity. The service will start as normal with nothing in the logs, and after a few hours it will kill my internet connection; on the WAN interface it will remove the IP and replace it with .dhcp. As soon as I restart the Suricata service my internet comes back and I can see my public IP address (nothing will show in the Suricata and system logs).

I am using all the rule sets in Suricata and have created policies. I have been running the same system with version 21.7.5, which had no issues, with the same rule set. After upgrading to version 21.7.6 the problem appeared and it will kill my internet connection. I run my internet connection directly from the ISP ONT on VLAN 10. In Suricata I have WAN selected for the interface, which is VLAN 10, and I have enabled Promiscuous mode. I have not changed anything on my config side.

I knew the problem started after upgrading to the latest version. I re-imaged the box to 21.7.1 and, using the manual Flavour settings under updates, I put in this code "21.7/MINT/21.7.5/OpenSSL/" to upgrade to version 21.7.5 and restored my config. I enabled Suricata and I haven't had any issues. This tells me the issue is with Suricata killing the internet connection without any logs. I am not sure what has changed with the new version of Suricata. I tested on Sophos SG430 Rev 1 hardware and the issue is the same.

Relevant log files

Suricata shows no faults or issues in the logs when it drops the internet connection. System logs show no issues.

I did see this in the system logs, though, but I also see this error when I am running version Suricata 6.0.3_3.

2021-12-12T13:45:06 kernel 906.106372 [ 853] iflib_netmap_config txr 4 rxr 4 txd 1024 rxd 1024 rbufsz 2048
2021-12-12T13:45:06 kernel 906.015935 [ 853] iflib_netmap_config txr 4 rxr 4 txd 1024 rxd 1024 rbufsz 2048
2021-12-12T13:45:06 kernel 905.926248 [ 853] iflib_netmap_config txr 4 rxr 4 txd 1024 rxd 1024 rbufsz 2048

Environment

Software version used and hardware type if relevant. e.g.:

Hardware is: Sophos SG330 Rev 1

Currently running:
OPNsense 21.7.5-amd64
FreeBSD 12.1-RELEASE-p21-HBSD
OpenSSL 1.1.1l 24 Aug 2021

CPU type | Intel(R) Core(TM) i5-4570S CPU @ 2.90GHz (4 cores)

'I210 Gigabit Network Connection'

ix0@pci0:1:0:0: class=0x020000 card=0x02031374 chip=0x10c68086 rev=0x01 hdr=0x00 vendor = 'Intel Corporation' device = '82598EB 10-Gigabit AF Dual Port Network Connection' class = network

ix1@pci0:1:0:1: class=0x020000 card=0x02031374 chip=0x10c68086 rev=0x01 hdr=0x00 vendor = 'Intel Corporation' device = '82598EB 10-Gigabit AF Dual Port Network Connection' class = network

igb0@pci0:2:0:0: class=0x020000 card=0x30e015bb chip=0x15338086 rev=0x03 hdr=0x00 vendor = 'Intel Corporation' device = 'I210 Gigabit Network Connection' class = network

igb1@pci0:3:0:0: class=0x020000 card=0x30e015bb chip=0x15338086 rev=0x03 hdr=0x00 vendor = 'Intel Corporation' device = 'I210 Gigabit Network Connection' class = network

igb2@pci0:4:0:0: class=0x020000 card=0x30e015bb chip=0x15338086 rev=0x03 hdr=0x00 vendor = 'Intel Corporation' device = 'I210 Gigabit Network Connection' class = network

igb3@pci0:5:0:0: class=0x020000 card=0x30e015bb chip=0x15338086 rev=0x03 hdr=0x00 vendor = 'Intel Corporation' device = 'I210 Gigabit Network Connection' class = network

igb4@pci0:6:0:0: class=0x020000 card=0x0000ffff chip=0x15338086 rev=0x03 hdr=0x00 vendor = 'Intel Corporation' device = 'I210 Gigabit Network Connection' class = network

igb5@pci0:7:0:0: class=0x020000 card=0x0000ffff chip=0x15338086 rev=0x03 hdr=0x00 vendor = 'Intel Corporation' device = 'I210 Gigabit Network Connection' class = network

igb6@pci0:8:0:0: class=0x020000 card=0x000015bb chip=0x15218086 rev=0x01 hdr=0x00 vendor = 'Intel Corporation' device = 'I350 Gigabit Network Connection' class = network

igb7@pci0:8:0:1: class=0x020000 card=0x000015bb chip=0x15218086 rev=0x01 hdr=0x00 vendor = 'Intel Corporation' device = 'I350 Gigabit Network Connection' class = network

igb8@pci0:9:0:0: class=0x020000 card=0x0000ffff chip=0x15228086 rev=0x01 hdr=0x00 vendor = 'Intel Corporation' device = 'I350 Gigabit Fiber Network Connection' class = network

igb9@pci0:9:0:1: class=0x020000 card=0x0000ffff chip=0x15228086 rev=0x01 hdr=0x00 vendor = 'Intel Corporation' device = 'I350 Gigabit Fiber Network Connection' class = network

OPNsense-bot commented 2 years ago

Thank you for creating an issue. Since the ticket doesn't seem to be using one of our templates, we're marking this issue as low priority until further notice.

For more information about the policies for this repository, please read https://github.com/opnsense/plugins/blob/master/CONTRIBUTING.md for further details.

The easiest option to gain traction is to close this ticket and open a new one using one of our templates.

fichtner commented 2 years ago

Relevant forum thread here https://forum.opnsense.org/index.php?topic=25968.0