Processor: CPUIntel Kaby Lake i5-7200U (64 Bit, 3.1 GHz Turbo, 2 Cores, 4 Threads, 3MB Smart Cache), GPUIntegrated Intel HD Graphics 620, AES-NISupported.Included wire harness for internal 2.5″ SSD.6 Intel Gigabit 82583V Ethernet NIC ports.Intel i5 7200U Dual Core with Hyperthreading at 3.1GHz.Running with "autofp" mode seems to be stable, but produces lower throughput. Per your testing, switching to "workers" runmode results in the hang/stall. Seems "workers" mode is the problem child for some reason. One key difference, and your experience today reiterates the importance of this difference, is that runmode "workers" is the default on OPNsense while runmode "autofp" is the default on pfSense. We are still trying to determine what's up with the new patch. That stabilized Suricata for their users. Eventually OPNsense rolled back to the netmap code that was in Suricata 6.0.8 (essentially reverting the multiple host rings patch). But immediately upon rolling out the patch with the release of Suricata 6.0.9, OPNsense users began experiencing the stall/hang. I can only recall a single poster (and he posted on the Suricata forum and not here on the Netgate forum) that has had an issue, and his issue was reported about two months ago. There were no stalling issues that I am aware reported on pfSense when the change was merged. It has been in all Suricata versions used with pfSense since August 2021. But I did merge the patch into the 6.0.x version of Suricata we were using on pfSense. It was rather quickly merged into the Suricata 7.x development branch, but not into the 6.0.x Master release branch at that time. I created the original patch to use multiple host rings with Suricata Inline IPS netmap mode and submitted it upstream. What happened is that starting with Suricata 6.0.9 the upstream group merged in the same netmap device changes for multiple host rings support that we have been using in pfSense since August 2021. In fact, the issues thread you linked to in OPNsense were the reason the OPNsense developer opened the Suricata Redmine Issue I linked earlier (#5744). Yes, the issue you linked to there is part of the same Suricata problem. Said in 6100 SLOW in comparison to Protectli I actually started with OPNsense on Proxmox.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |