[Oisf-devel] Suricata IPFW IPS mode on FreeBSD and broadcast packets.

Eric Leblond eric at regit.org
Sat Dec 22 10:51:27 UTC 2012


Hello,

On Sat, 2012-12-22 at 12:27 +0200, Nikolay Denev wrote:
> Hi,
> 
> 
> I'm experimenting running suricata in inline mode using IPFW divert on
> FreeBSD.
> And I had many errors on the console like these:
> 
> 
>         [100108] 22/12/2012 -- 08:59:32 - (source-ipfw.c:684) <Info>
>         (VerdictIPFWThreadExitStats) -- IPFW Processing: - (Verdict0)
>         Pkts accepted 4890, dropped 120
...
>          ipfw divert socket failed: Permission denied
>         [100108] 22/12/2012 -- 09:02:48 - (source-ipfw.c:684) <Info>
>         (VerdictIPFWThreadExitStats) -- IPFW Processing: - (Verdict0)
>         Pkts accepted 4649, dropped 98
>         [100048] 22/12/2012 -- 09:02:48 - (tm-threads.c:2045) <Error>
>         (TmThreadRestartThread) -- [ERRCODE:
>         SC_ERR_TM_THREADS_ERROR(136)] - thread restarts exceeded
>         threshold limit for thread "Verdict0"
>         
>         
> Turns out, sendto() returns EACCES when sending packets with broadcast
> address as destination without SO_BROADCAST flag set on the socket.
> I've applied this patch and now there are no more messages like these
> and suricata does not crash anymore.

Really good catch!

Patch seems good to me. Can you do a pull request on github for Victor
or do you want me to do so? (I've already pushed your patch to a
branch).

BR,
-- 
Eric Leblond <eric at regit.org>
Blog: https://home.regit.org/
