Sentinel Firewall Logs Fail

Hi guys,

This has been an issue since forever on all of my Turris Omnias.

ReForis shows the Sentinel “Firewall Logs” as “Failed”.

Logs show:

Oct 23 19:02:04  sentinel-fwlogs[21568]: ERROR: Packet handling failed: Resource temporarily unavailable
Oct 23 21:02:05  sentinel: INFO [certgen.action_spec_init:89] Valid certificate found
Oct 23 19:02:08  procd: Instance sentinel-minipot::instance1 pid 5128 not stopped on SIGTERM, sending SIGKILL instead
Oct 23 19:02:11  sentinel-fwlogs[22034]: ERROR: Packet handling failed: Resource temporarily unavailable
Oct 23 19:02:17  sentinel-fwlogs[22047]: ERROR: Packet handling failed: Resource temporarily unavailable
Oct 23 19:02:24  sentinel-fwlogs[22056]: ERROR: Packet handling failed: Resource temporarily unavailable
Oct 23 19:02:31  sentinel-fwlogs[22063]: ERROR: Packet handling failed: Resource temporarily unavailable
Oct 23 19:02:37  sentinel-fwlogs[22076]: ERROR: Packet handling failed: Resource temporarily unavailable
Oct 23 19:02:37  procd: Instance sentinel-fwlogs::instance1 s in a crash loop 6 crashes, 1 seconds since last crash

With the update to TOS 6.0 I made a fresh install and re-configuration from scratch on one of them, but this still fails.

Starting it manually shows the same error once:

$ sentinel-fwlogs --verbose
Packet handling failed: Resource temporarily unavailable

This is a known issue: Segmentation fault and resources unavailable on version 0.3.0 (#9) · Issues · Turris / Sentinel / FWLogs collector · GitLab.

Thanks. I quote @mhanak here for future reference:

The problem is that we are not able to receive dropped/rejected packets from the kernel through netlink and thus forward appropriate events to our servers for analyses. The problem is somewhere in the above-mentioned libraries - NOT in our SW.

AFAIK it shouldn’t have any security implications. The firewall should work as expected. This component has no connection with firewall functionality at all. We only don’t receive information about its actions.

Further, it has only a very small, if any, impact on Sentinel working properly. As you can clearly see in our web interface Sentinel view, the vast majority of incidents is captured by our minipots. If you for example compare data for this week (at time of writing this post) in rough numbers:

  • incidents generated by minipots - six hundred million
  • incidents generated by fwlogs - nine thousand

I will disable the Sentinel Firewall Logs for the time being.

The firewall log cannot be turned off in reForis; it stays on, but in Sentinel the state is “failed” - no error messages in syslog. Sentinel cannot be uninstalled, even in packages.

Similarly, it is not possible to delete alerts (notifications) in Overview. … disappears after router reboot…