Bug #8209
closedSuricat Inline netmap bad packet errors
0%
Description
Using PFsense 2.4.2 and Suricata 4.0.1_1 I using Inline mode, I see errors like this appearing in the system log rather frequently.
Dec 14 10:35:00 kernel 900.798878 [1071] netmap_grab_packets bad pkt at 1336 len 2333
Dec 14 10:35:00 kernel 900.821493 [1071] netmap_grab_packets bad pkt at 1339 len 2333
Dec 14 09:35:00 kernel 300.616829 [1071] netmap_grab_packets bad pkt at 817 len 2333
Dec 14 09:35:00 kernel 300.593938 [1071] netmap_grab_packets bad pkt at 813 len 2333
Dec 14 09:04:00 kernel 439.898908 [1071] netmap_grab_packets bad pkt at 1505 len 3117
Dec 14 08:35:00 kernel 700.813980 [1071] netmap_grab_packets bad pkt at 1623 len 2333
Dec 14 08:35:00 kernel 700.662881 [1071] netmap_grab_packets bad pkt at 1616 len 2333
Dec 14 08:35:00 kernel 700.598831 [1071] netmap_grab_packets bad pkt at 1610 len 2333
Dec 14 08:35:00 kernel 700.576523 [1071] netmap_grab_packets bad pkt at 1607 len 2333
Nothing unusual appears in any other log with these timestamp
The only thing that jumped out at me was most of the errors happen every hour, and there are no Cron jobs on that same schedule.
A note to point out is this happens only on a high traffic volume WAN interface and not on another identical system which has a much lower traffic volume. There is not enough info in the log to track down whether this is actual bad packets that arrive on the interface or good packets are being dropped.
The hardware is using Intel i5-3570 @ 3.4Ghz, 16GB memory, 6 active interface ports, and Intel (3)i350T2V2 NIC's using the igb driver. Also have tried Intel i210-T1 NIC as the WAN interface with same results.
Have tried changing some igb and netmap tunables which never made any difference.
If there are any tests I can run to provide more information, please let me know.
Thank you.
Updated by Jim Pingle over 4 years ago
- Project changed from pfSense to pfSense Packages
- Category set to Suricata
- Status changed from New to Closed
This report is rather old and several pfSense and Suricata versions ago. If it's still a problem, gather more detail and create a new issue.