Netmap appears broken in Snort and Suricata packages when Inline IPS Mode is enabled
The latest update to FreeBSD-12.1-STABLE for the pfSense-2.5 snapshots appears to have broken the netmap device used by the Snort and Suricata packages when Inline IPS Mode is activated. The underlying binary for the package (snort or suricata) fails to start and throws an error about the NETMAP_API version being incorrect.
Creating this issue for tracking purposes. I am looking into the cause and a possible fix.
#1 Updated by Bill Meeks 6 months ago
Upon further testing it appears this may not be an actual bug, but is more likely related to older FreeBSD-12.0 versions of some required library dependencies remaining after a pfSense-2.5 snapshot update that installs FreeBSD-12.1 without removing and reinstalling the Snort package.
I simply removed the Snort package from a non-functioning pfSense-2.5 snapshot using SYSTEM > PACKAGE MANAGER, and then I installed the Snort package again using SYSTEM > PACKAGE MANAGER and it installed and all interfaces (including one using Inline IPS Mode) came up normally. There were no netmap API errors.
I have asked affected users to test again using the method described above and to report back.
#2 Updated by Bill Meeks 6 months ago
Confirmed after further testing by me and by feedback from impacted users. Deleting the package (Snort or Suricata) and installing it again forces the download and installation of the correct version for FreeBSD-12.1. The packages will then start and run normally.
The pfSense-2.5 snapshot update bumped up the OS version to FreeBSD-12.1-STABLE, but it did not result in the new versions of Snort and Suricata compiled on FreeBSD-12.1-STABLE being installed at the same time. Instead, the old versions of the Snort and Suricata binaries compatible with FreeBSD-12.0-RELEASE remained, and those versions will not run in FreeBSD-12.1-STABLE due to changes in the netmap device.
This issue can be closed and marked either RESOLVED or NOT A BUG as desired. The solution for any impacted user is to remove the package and then install it again to bring down the correct package binary compiled against FreeBSD-12.1-STABLE.