Bug #7893

closed

Kernel Panic Suricata Inline

Added by Ken Sim over 6 years ago. Updated over 6 years ago.

Status: Needs Patch
Priority: Very Low
Assignee: -
Category: Suricata
Target version: -
Start date: 09/26/2017
Due date: -
% Done: 0%
Estimated time: -
Plus Target Version: -
Affected Version: 2.4.x
Affected Plus Version: -
Affected Architecture: amd64

Description

I have been playing around with the 2.4.0/1 snapshots, and have found that when Suricata is enabled with inline blocking, you can start Suricata and pfSense will go into a kernel panic and reboot cycle. This config works perfectly fine on the same hypervisor, with the same VM specs, as my 2.3.4-p1 instance. There is nothing in the logs at all to suggest anything; I only have 2 screenshots of the console. Please let me know if any other info would be helpful and I will provide it to the best of my abilities.

Actions #1

Updated by Ken Sim over 6 years ago

I rebooted the VM a few times, and it appears to have stopped its panic reboot cycle. When I went in to view Suricata in the webui it printed some lines to the console that I am pretty sure are just related to inline, but I wanted to provide the screenshot as well.

Actions #2

Updated by Jim Pingle over 6 years ago

  • Project changed from pfSense to pfSense Packages
  • Category changed from Operating System to Suricata
  • Status changed from New to Needs Patch
  • Priority changed from Normal to Very Low
  • Target version deleted (2.4.0)

Inline/Netmap is known to have issues with certain hardware (real or virtual). It's still somewhat of an experimental feature, and something that must be addressed in FreeBSD, not here.

Actions #3

Updated by Ken Sim over 6 years ago

Thanks for the info. You guys might want to get the package maintainer to put some info under the inline selection; it's not really clear. Suricata is a big feature for a lot of people, and a bit of a warning until FreeBSD fixes the issue would be really nice to have.

Actions #4

Updated by Jim Thompson over 6 years ago

The "generic_XXXXXX" in one of your screenshots shows you're not running a netmap-capable NIC. (You're getting the emulation support.)

Agree that it shouldn't crash, but maybe try with a nice Intel or Chelsio NIC?

Actions #5

Updated by Bill Meeks over 6 years ago

Additional warning text has been added to the Group Help displayed in the Blocking Mode section of the INTERFACE SETTINGS tab. An additional warning message about limited NIC driver support for Netmap and the potential for system crashes is displayed at the top of the page when saving changes on the INTERFACE SETTINGS tab with Inline IPS Mode operation selected.

Suricata changes: https://github.com/pfsense/FreeBSD-ports/pull/426

Bill
