[Oisf-devel] Suricata IPFW IPS mode on FreeBSD and broadcast packets.

Nikolay Denev ndenev at gmail.com
Sat Dec 22 11:03:31 UTC 2012


On Dec 22, 2012, at 12:51 PM, Eric Leblond <eric at regit.org> wrote:

> Hello,
> 
> On Sat, 2012-12-22 at 12:27 +0200, Nikolay Denev wrote:
>> Hi,
>> 
>> 
>> I'm experimenting with running suricata in inline mode using IPFW divert on
>> FreeBSD.
>> And I had many errors on the console like these:
>> 
>> 
>>        [100108] 22/12/2012 -- 08:59:32 - (source-ipfw.c:684) <Info>
>>        (VerdictIPFWThreadExitStats) -- IPFW Processing: - (Verdict0)
>>        Pkts accepted 4890, dropped 120
> ...
>>         ipfw divert socket failed: Permission denied
>>        [100108] 22/12/2012 -- 09:02:48 - (source-ipfw.c:684) <Info>
>>        (VerdictIPFWThreadExitStats) -- IPFW Processing: - (Verdict0)
>>        Pkts accepted 4649, dropped 98
>>        [100048] 22/12/2012 -- 09:02:48 - (tm-threads.c:2045) <Error>
>>        (TmThreadRestartThread) -- [ERRCODE:
>>        SC_ERR_TM_THREADS_ERROR(136)] - thread restarts exceeded
>>        threshold limit for thread "Verdict0"
>> 
>> 
>> Turns out, sendto() returns EACCES when sending packets with broadcast
>> address as destination without SO_BROADCAST flag set on the socket.
>> I've applied this patch and now there are no more messages like these
>> and suricata does not crash anymore.
> 
> Really good catch!
> 
> Patch seems good to me. Can you do a pull request on github for Victor
> or do you want me to do so? (I've already pushed your patch to a
> branch).
> 
> BR,
> -- 
> Eric Leblond <eric at regit.org>
> Blog: https://home.regit.org/
> 

Thanks, I've just opened a pull request https://github.com/inliniac/suricata/pull/249

Regards,
Nikolay
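
The sendto() behaviour described in this thread can be reproduced outside Suricata. The following is an added example, not the patch from this thread and not Suricata code; it assumes an ordinary UDP socket in place of the IPFW divert socket, and the function names are hypothetical.

```c
/* Added example, not Suricata code; a UDP socket stands in for the divert socket. */
#include <arpa/inet.h>
#include <errno.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Permit sendto() to broadcast destinations on this socket. */
int enable_broadcast(int fd)
{
    int on = 1;
    return setsockopt(fd, SOL_SOCKET, SO_BROADCAST, &on, sizeof(on));
}

/* Returns 1 if SO_BROADCAST is set, 0 if not, -1 on error. */
int broadcast_enabled(int fd)
{
    int val = 0;
    socklen_t len = sizeof(val);
    if (getsockopt(fd, SOL_SOCKET, SO_BROADCAST, &val, &len) < 0)
        return -1;
    return val != 0;
}

/* Send one datagram to 255.255.255.255; returns 0 or the errno value. */
int try_broadcast(int fd)
{
    const char payload[] = "constructed payload";
    struct sockaddr_in dst = {0};
    dst.sin_family = AF_INET;
    dst.sin_port = htons(9); /* discard port, chosen for the example */
    dst.sin_addr.s_addr = htonl(INADDR_BROADCAST);
    return sendto(fd, payload, sizeof(payload), 0,
                  (struct sockaddr *)&dst, sizeof(dst)) < 0 ? errno : 0;
}

int main(void)
{
    int fd = socket(AF_INET, SOCK_DGRAM, 0);
    if (fd < 0) { perror("socket"); return 1; }
    int before = try_broadcast(fd); /* EACCES when a route to the address exists */
    if (enable_broadcast(fd) < 0) { perror("setsockopt"); return 1; }
    int after = try_broadcast(fd);
    printf("without SO_BROADCAST: %s\n", before ? strerror(before) : "sent");
    printf("with SO_BROADCAST:    %s\n", after ? strerror(after) : "sent");
    close(fd);
    return 0;
}
```

On a host with no route covering the broadcast address, both attempts can fail with a routing error instead, so the EACCES case shows up only where the send would otherwise succeed.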
