https://live.paloaltonetworks.com/t5/prisma-cloud-discussions/twistlock-defender-nfqueue-errors/m-p/556061#M1022 <P>Hi Humberto,</P> <P>&nbsp;</P> <P>I hope you're doing well.&nbsp; Based on the error message, it seems that the options length is too long to be appended to the host egress packet, and it's resulting in errors.&nbsp;<SPAN>This seems to be expected behavior if you enable network monitoring feature, it essentially enable partial feature of CNNF( now CNNS)</SPAN></P> <P>&nbsp;Typically,&nbsp;<SPAN>when the iptables receives a header longer than 32 it will drop the connection, essentially killing that from ever reestablishing</SPAN></P> <P>&nbsp;</P> <P><SPAN>The proper protocol and my recommendation is to&nbsp;</SPAN><SPAN>open a support ticket and be sure to provide the Defender support information</SPAN></P> <OL> <LI>What defender version are you running?</LI> <LI>What type of defender is it</LI> <LI>The full defender log...</LI> </OL> <P><SPAN>If possible, also include with the ticket the iptables rules programed at the host with and without CNNS</SPAN></P> <P>&nbsp;</P> <P><SPAN>Thank you,</SPAN></P> Thu, 31 Aug 2023 23:16:29 GMT WLejulus 2023-08-31T23:16:29Z https://live.paloaltonetworks.com/t5/prisma-cloud-discussions/twistlock-defender-nfqueue-errors/m-p/555594#M1021 <P>Hi everyone,&nbsp;</P> <P>&nbsp;</P> <P>i'm receive the follow messages in th twistlock-defender</P> <P>&#27;[31m ERRO 2023-08-01T14:46:18.613 tracker_network_nfqueue.go:378 &#27;[0m NFQueue packet processing total errors: 70, errors: [2023-08-01T14:30:00.547 failed to append twistlock options in host egress packet of [172.25.208.1:20074 -&gt; 172.25.2.39:6443]: too many options (len: 32, packet len: 72): 0204ffd70402080a85219e5700000000010303071f0c000012400003ca889eba &lt;nil&gt; 2023-08-01T14:40:00.487 failed to append twistlock options in host egress packet of [172.25.208.1:9524 -&gt; 172.25.2.38:6443]: too many options (len: 32, packet len: 72): 0204ffd70402080a852ac5db00000000010303071f0c000012400000f7f96a83 &lt;nil&gt; 2023-08-01T14:44:30.377 failed to append twistlock options in host egress packet of [172.25.74.187:50212 -&gt; 172.25.2.39:6443]: too many options (len: 32, packet len: 72): 020405a00402080a67932c5100000000010303071f0c0007e000000178de8835 &lt;nil&gt; 2023-08-01T14:44:30.385 failed to append twistlock options in host egress packet of [172.25.74.187:50218 -&gt; 172.25.2.38:6443]: too many options (len: 32, packet len: 72): 020405a00402080a67932c5900000000010303071f0c0007e000000178de8835 &lt;nil&gt; 2023-08-01T14:44:30.639 failed to append twistlock options in host egress packet of [172.25.74.187:50234 -&gt; 172.25.2.39:6443]: too many options (len: 32, packet len: 72): 020405a00402080a67932d5600000000010303071f0c0007e000000178de8835 &lt;nil&gt;]</P> <P>&nbsp;</P> <P>Any idea?</P> <P>&nbsp;</P> <P>Best</P> <P>&nbsp;</P> Tue, 29 Aug 2023 00:06:37 GMT https://live.paloaltonetworks.com/t5/prisma-cloud-discussions/twistlock-defender-nfqueue-errors/m-p/555594#M1021 HumbertoNeves 2023-08-29T00:06:37Z https://live.paloaltonetworks.com/t5/prisma-cloud-discussions/twistlock-defender-nfqueue-errors/m-p/556061#M1022 <P>Hi Humberto,</P> <P>&nbsp;</P> <P>I hope you're doing well.&nbsp; Based on the error message, it seems that the options length is too long to be appended to the host egress packet, and it's resulting in errors.&nbsp;<SPAN>This seems to be expected behavior if you enable network monitoring feature, it essentially enable partial feature of CNNF( now CNNS)</SPAN></P> <P>&nbsp;Typically,&nbsp;<SPAN>when the iptables receives a header longer than 32 it will drop the connection, essentially killing that from ever reestablishing</SPAN></P> <P>&nbsp;</P> <P><SPAN>The proper protocol and my recommendation is to&nbsp;</SPAN><SPAN>open a support ticket and be sure to provide the Defender support information</SPAN></P> <OL> <LI>What defender version are you running?</LI> <LI>What type of defender is it</LI> <LI>The full defender log...</LI> </OL> <P><SPAN>If possible, also include with the ticket the iptables rules programed at the host with and without CNNS</SPAN></P> <P>&nbsp;</P> <P><SPAN>Thank you,</SPAN></P> Thu, 31 Aug 2023 23:16:29 GMT https://live.paloaltonetworks.com/t5/prisma-cloud-discussions/twistlock-defender-nfqueue-errors/m-p/556061#M1022 WLejulus 2023-08-31T23:16:29Z