Real-time monitoring anomalies and DPI-core status

grepzilla · February 5, 2026, 1:44pm

Hello NethSecurity Team,

I am writing to report a sudden issue with our unit that started approximately two hours ago. Specifically:

The DPI-core module is showing an “Unknown” (Sconosciuto) status.
In the “Real-time Monitor” section, I get the following error: “Unable to load the list of top traffic hosts. Something went wrong”.

I have already attempted to restore the system from a known working backup from a few days ago, but the issue persists. This leads me to believe the problem is not related to the local configuration (perhaps a signature update or a cloud sync issue).

Could you please investigate the cause and advise on how to resolve this?

I look forward to hearing from you. Best regards,

mrmarkuz · February 5, 2026, 2:05pm

Is netifyd running?

Following command should return “running”:

service netifyd status

Does it help to (re)start the service, see ns-dpi | NethSecurity

service netifyd start

EDIT:

To solve the issue the services need to be enabled and started:

service netifyd enable
service netifyd start
service dpi-license-update enable
service dpi-license-update start

grepzilla · February 5, 2026, 2:08pm

service netifyd status
inactive

service netifyd start
Netify Agent/5.1.25 (openwrt; linux-gnu; x86_64; conntrack; netlink; dns-cache; nfqueue; regex)

This application uses nDPI v4.12.0

This program comes with ABSOLUTELY NO WARRANTY.
Netifyd is dual-licensed under commercial and open source licenses. The
commercial license gives you the full rights to create and distribute software
on your own terms without any open source license obligations.

Netifyd is also available under GPL and LGPL open source licenses. The open
source licensing is ideal for student/academic purposes, hobby projects,
internal research project, or other projects where all open source license
obligations can be met.

Report bugs to: Issues · Netify / Netify Public / Netify Agent · GitLab

Processor plugins:

proc-aggregator/1.0.89
/etc/netifyd/netify-proc-aggregator.json
/usr/lib/libnetify-proc-aggregator.so.0.0.0
proc-core/1.0.94
/etc/netifyd/netify-proc-core.json
/usr/lib/libnetify-proc-core.so.0.0.0
proc-nfa/1.1.46
/etc/netifyd/netify-proc-flow-actions.json
/usr/lib/libnetify-proc-flow-actions.so.0.0.0

Sink plugins:

sink-http/1.0.64
/etc/netifyd/netify-sink-http.json
/usr/lib/libnetify-sink-http.so.0.0.0
sink-log/1.0.62
/etc/netifyd/netify-sink-log.json
/usr/lib/libnetify-sink-log.so.0.0.0
sink-socket/1.0.76
/etc/netifyd/netify-sink-socket.json
/usr/lib/libnetify-sink-socket.so.0.0.0

grepzilla · February 5, 2026, 2:10pm

After running service netifyd start, the service restarted and the DPI-core status is back to green. It seems to be resolved for now, but I will keep monitoring it to see if the issue recurs

grepzilla · February 5, 2026, 3:33pm

Hello Team,

I would like to provide an update regarding the DPI issue. After further investigation via SSH, I found that the netifyd service was not enabled to start automatically on boot.

I managed to resolve the issue by manually running the following command: /etc/init.d/netifyd enable

After a test reboot, the DPI-core module started correctly and is now active. Could you please check if this was an isolated incident or if a recent update might have inadvertently disabled the service?

Best regards,

mrmarkuz · February 5, 2026, 4:03pm

It seems the latest netifyd update changed the service to disabled but here the service is running correctly after a reboot even when disabled.

root@NethSec:~# service netifyd status
running

Maybe it just crashed once?
Could you please try to disable it again and check if it’s running after a reboot?

grepzilla · February 5, 2026, 4:38pm

Understood. I have performed the test as requested following these steps:

I disabled the service again using /etc/init.d/netifyd disable.
I rebooted the firewall.
After the reboot, I checked the status.

After the reboot, the service is back to “Unknown” status and is not running. It seems that on my unit, the “enabled” setting is still required for it to start.

mrmarkuz · February 5, 2026, 4:46pm

Yes, you’re right. Sorry, it seems I didn’t really disable it in my test before.

grepzilla · February 5, 2026, 4:50pm

It appears that on this specific build/configuration, the service does not start unless it is manually enabled. For now, I will run enable again to keep the monitoring active, but I look forward to your feedback on whether this behavior is expected.

mrmarkuz · February 5, 2026, 5:04pm

I retested and the netifyd service stays enabled after the last netifyd update, just service netifyd enabled gives back another value but this can be ignored I guess.

When I disable the service manually, I can reproduce your issue.
I’m not sure what caused the issue. Let’s monitor it and check if the service gets disabled again.

grepzilla · February 5, 2026, 5:14pm

I would like to add a detail that might be crucial for identifying the bug: the issue occurred exactly after I added about ten protocols to the block list on a separate VLAN.

Immediately after saving and applying these security settings, the DPI-core module went into the “Unknown” status. It is highly likely that the “Apply changes” action in the web interface caused, as a side effect, the netifyd service to be disabled at the system level.

I hope this information helps you replicate the issue internally to prevent it from happening to other users.

grepzilla · February 5, 2026, 5:15pm

I would like to provide an additional technical detail: the issue occurred when, after adding those last 10 protocols to be blocked on a separate VLAN, I reached a total of approximately 31-32 blocked protocols in the global configuration.

It is possible that upon reaching this threshold, or while applying a list of this size, the configuration script fails and leaves the netifyd service in a disabled state. I hope this specific count helps you better isolate the bug.

mrmarkuz · February 6, 2026, 9:04am

I couldn’t reproduce the issue. I created 2 VLANs and added more than 32 DPI rules to both VLANs. After a reboot it’s still running.

Tbaile · February 6, 2026, 9:06am

I have a hunch on what the issue might be, but might not be our fault nor the rules added or network structure.

Could you check the output of service | grep dpi-license and netifyd -s | grep -v UUID?

Tbaile · February 6, 2026, 10:04am

Might just have verified the issue myself, I’ve installed a fresh 8.7.1, updated the packages and the new licensing tool for netifyd dpi-license-update is disabled. This could be justifiable due to how user preferences on daemon enable/disable are respected on OpenWRT. However, the package update disables netifyd too, which is weirder due to a direct update of a package and on the 8.7.1 it’s enabled by default.

Will try to fix the issue, in the meantime if @mrmarkuz is kind enough to edit his solution and add commands to enable netifyd and enable and start dpi-license-update, that would be nice

Thank you for your patience!

Update:

It seems that image updates are not affected, I tested updating from stable to dev and services are active as expected. However, I did clean cache two days ago I guess this might be a cache build issues, currently compiling clean packages to check.

grepzilla · February 6, 2026, 4:21pm

root@Firewall-MrWhite:~# netifyd -s | grep -v UUID
Netify Agent/5.1.25 (openwrt; linux-gnu; x86_64; conntrack; netlink; dns-cache; nfqueue; regex)
✓ agent is running: PID 5223
• agent timestamp: Fri Feb 6 17:18:47 2026
• agent uptime: 0d 22:56:12
! API updates: disabled
Netify API updates can be enabled from the configuration file:
/etc/netifyd.conf
! license manager available: no
✓ active flows: 856 / unlimited (0.0%)
• flows purged: 64, in-use: 238
• flows expiring: 14, expired: 240
• minimum flow size: 4672
• CPU cores: 4
✓ CPU utilization (user + system): 0.1%
✓ CPU time (user / system): 0.1s / 0.0s
• memory RSS: 197100 kB, maximum memory RSS: 246152 kB
✓ br-lan [LAN → PCAP]: online: packets dropped: 0.000%
✓ eth0 [WAN → PCAP]: online: packets dropped: 0.000%
✓ eth1 [LAN → PCAP]: online: packets dropped: 0.000%
! tunrw1 [LAN → PCAP]: online: packets dropped: 0.000%
✓ wg1 [LAN → PCAP]: online: packets dropped: 0.000%
• apps: 2342, app-IP overrides: 910, domains: 35055, networks: 12068, soft-dissectors: 29, transforms: 3
✓ DNS hint cache: enabled
• DHC entries: 1000, inserts: 91215 (91.9%), lookups: 127288 (61.3%)
✓ flow hash cache: enabled
• FHC entries: 1000, inserts: 53202 (0.0%), lookups: 293204 (13.4%)
• persistent state path: /etc/netifyd
• volatile state path: /var/run/netifyd
proc-aggregator/1.0.89 (processor)
• aggregator #1
• samples: 0
✓ license status: valid
proc-core/1.0.94 (processor)
proc-nfa/1.1.46 (processor)
✓ license status: valid
• actions: 2, enabled: 2
• targets: 1, enabled: 1
• global exemptions: 0
• flows: 176 / 176, queued: 1
sink-http/1.0.64 (sink)
sink-log/1.0.62 (sink)
sink-socket/1.0.76 (sink)

grepzilla · February 6, 2026, 4:22pm

Hello,

I have read Tommaso Bailetti’s feedback on the forum. I can confirm that his analysis perfectly matches what happened on my unit (version 8.7.1): the services were disabled following the latest package updates.

As suggested, I have also enabled and started the license update service to ensure everything is correctly configured:

/etc/init.d/netifyd enable
/etc/init.d/dpi-license-update enable
/etc/init.d/dpi-license-update start

The system is now stable, and the DPI-core remains active even after a reboot. Thank you for investigating the issue and for your technical support.