Bug #12607

open

Instability with Snort Inline with AWS Instances

Added by Kris Phillips 5 months ago. Updated 4 months ago.

Status:
New
Priority:
High
Assignee:
-
Category:
Hardware / Drivers
Target version:
-
Start date:
Due date:
% Done:
0%

Estimated time:
Release Notes:
Default
Affected Plus Version:
Affected Architecture:
amd64

Description

The ena driver seems to have instability when enabling inline Snort. Because AWS is behind NAT, Legacy mode is not viable, so utilizing inline is necessary. The ena driver recently added support for inline mode, but it appears that when you enable it, the interface flaps up and down.

Nov 29 08:36:14 pfSense kernel: ena0: device is going DOWN
Nov 29 08:36:14 pfSense kernel: ena0: device is going UP
Nov 29 08:36:14 pfSense kernel: ena0: Creating 2 IO queues. Rx queue size: 1024, Tx queue size: 1024, LLQ is DISABLED
Nov 29 08:36:14 pfSense kernel: ena0: device is going DOWN
Nov 29 08:36:14 pfSense kernel: ena0: device is going UP

As soon as you put snort into IDS mode and disable blocking the issues go away.
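A quick way to confirm the flapping described above from the kernel log, rather than by watching the console: the following is an added example, not code from pfSense or from this report. It parses syslog-style "device is going DOWN/UP" lines like the ones quoted in the description and flags any interface that goes DOWN at least `threshold` times inside a `window_seconds` span. The sample log, the regular expression, the function names and the default threshold are assumptions made for this example; the year argument is needed only because syslog timestamps carry none.

```python
"""Flag interfaces that flap (repeated DOWN/UP) in FreeBSD kernel log lines.

Added example for this bug report; not part of pfSense. Reads syslog-style
lines such as "Nov 29 08:36:14 pfSense kernel: ena0: device is going DOWN".
"""
import re
import sys
from collections import defaultdict
from datetime import datetime

# Constructed sample input, shaped like the dmesg output in the report.
# ena0 drops three times within one second; ena1 drops once (normal).
SAMPLE_LOG = """\
Nov 29 08:36:14 pfSense kernel: ena0: device is going DOWN
Nov 29 08:36:14 pfSense kernel: ena0: device is going UP
Nov 29 08:36:14 pfSense kernel: ena0: Creating 2 IO queues. Rx queue size: 1024, Tx queue size: 1024, LLQ is DISABLED
Nov 29 08:36:14 pfSense kernel: ena0: device is going DOWN
Nov 29 08:36:14 pfSense kernel: ena0: device is going UP
Nov 29 08:36:15 pfSense kernel: ena0: device is going DOWN
Nov 29 08:36:15 pfSense kernel: ena0: device is going UP
Nov 29 08:40:00 pfSense kernel: ena1: device is going DOWN
Nov 29 08:40:00 pfSense kernel: ena1: device is going UP
"""

# Matches only the link state lines; other driver chatter is ignored.
LINE_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2} +\d{1,2} \d{2}:\d{2}:\d{2}) \S+ kernel: "
    r"(?P<ifname>[a-z]+\d+): device is going (?P<state>UP|DOWN)$"
)


def parse_events(log_text, year=2021):
    """Return a list of (timestamp, ifname, state) for every link state line.

    `year` is an assumption: syslog timestamps omit it, and it only matters
    for ordering across a year boundary.
    """
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        events.append((ts, m["ifname"], m["state"]))
    return events


def flapping_interfaces(events, window_seconds=60, threshold=3):
    """Return {ifname: max DOWN events seen in any window_seconds span}
    for interfaces reaching `threshold` DOWNs in such a span.

    Uses a sliding window over the sorted DOWN timestamps per interface,
    so a single reboot-time DOWN/UP does not trigger but a burst does.
    """
    downs = defaultdict(list)
    for ts, ifname, state in events:
        if state == "DOWN":
            downs[ifname].append(ts)

    flagged = {}
    for ifname, stamps in downs.items():
        stamps.sort()
        best, start = 0, 0
        for end, ts in enumerate(stamps):
            # Advance the window start until it fits within window_seconds.
            while (ts - stamps[start]).total_seconds() > window_seconds:
                start += 1
            best = max(best, end - start + 1)
        if best >= threshold:
            flagged[ifname] = best
    return flagged


if __name__ == "__main__":
    # Usage: python3 flapcheck.py /var/log/system.log   (or no arg for the sample)
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_LOG
    result = flapping_interfaces(parse_events(text))
    if not result:
        print("no flapping interfaces found")
    for name, count in result.items():
        print(f"{name}: {count} DOWN events within the window (flapping)")
```

Run it against the box's kernel log (on pfSense that is normally /var/log/system.log; the path is an assumption) once with Snort in inline/blocking mode and once in IDS-only mode; if the interface is only flagged in the first run, the log confirms what the report describes.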

#1

Updated by Viktor Gurov 5 months ago

Need to test with the latest 22.01/2.6 snapshot - ena(4) updated from 2.2.0 to 2.4.1 in FreeBSD 12.3
see https://www.freebsd.org/releases/12.3R/relnotes/

#2

Updated by Marcos Mendoza 4 months ago

https://github.com/pfsense/FreeBSD-src/commit/7dbcef9536b410426e8b391e721e5800f5d503b5

* Netmap support for ENAv3.

I wonder if this means that previous ENA versions do not support it, and if that's the case, what AWS instance types support ENAv3?
