OPNsense 24.1.6 Suricata 7 Cannot Allocate Memory

Open tsense1337 opened this issue 10 months ago • 7 comments

[v] I have read the contributing guidelines at https://github.com/opnsense/core/blob/master/CONTRIBUTING.md
[v] I am convinced that my issue is new after having checked both open and closed issues at https://github.com/opnsense/core/issues?q=is%3Aissue

Describe the bug

After upgrading from 24.1.1 (Suricata 6) to 24.1.6, Suricata 7 fails to launch. After the error message is displayed, the machine can be pinged but can no longer be accessed via the web interface. After returning to 24.1.1, everything was fine again.

To Reproduce

Steps to reproduce the behavior:

Upgrade from 24.1.1 to 24.1.6
Tunables:
tuneable dev.netmap.admode: 2
dev.netmap.buf_size: 4096 <<< Even without the parameter it behaves exactly as in the error description.

Expected behavior

We see these error messages:

2024-04-23T09:25:12 21 Error suricata 8429 [105315] <Error> -- opening devname netmap:ix1^3/T failed: Cannot allocate memory
2024-04-23T09:21:54 21 Error suricata 84930 [103083] <Error> -- opening devname netmap:ix1^3/T failed: Cannot allocate memory

Describe alternatives you considered

N/A

Screenshots

N/A

Relevant log files

2024-04-23T09:25:12 21 Error suricata 8429 [105315] <Error> -- opening devname netmap:ix1^3/T failed: Cannot allocate memory
2024-04-23T09:21:54 21 Error suricata 84930 [103083] <Error> -- opening devname netmap:ix1^3/T failed: Cannot allocate memory

Additional context

N/A

Environment

Software version used and hardware type if relevant, e.g.:

OPNsense 24.1.1 512GB RAM (amd64, OpenSSL).
nic = 'NetXtreme BCM5719 Gigabit Ethernet PCIe'
nic = 'Ethernet Controller 10-Gigabit X540-AT2'

tsense1337, Apr 23 '24 08:04

Are there any updates to my problem?

tsense1337, May 02 '24 07:05

Is the problem still being resolved? The problem does not exist in the business version! Only in the community version.

tsense1337, Jun 19 '24 05:06

Which business edition version did you test with the exact same hardware being used? It sounds quite unlikely there's a difference on this subject.

AdSchellevis, Jun 19 '24 08:06

Yes, exactly. I updated the version with identical hardware directly to the latest Business (24.4_8) and have had no problems with the error since then. Could it be due to a different netmap version?

tsense1337, Jun 19 '24 08:06

If I’m not mistaken the kernel and suricata package are the same between those versions.

AdSchellevis, Jun 19 '24 16:06

But there has to be a difference. Because then an upgrade to the business version would have led to the same error. Could it be due to a configuration difference?

tsense1337, Jun 20 '24 08:06

I've double-checked; both kernel and suricata versions are the same. There's not much we can do at the moment. If it's hardware / driver related, it might have been a lucky shot if it sometimes works.

AdSchellevis, Jun 21 '24 11:06