[Oisf-devel] Suricata IPFW IPS mode on FreeBSD and broadcast packets.

Victor Julien victor at inliniac.net
Sat Dec 22 12:01:13 UTC 2012


On 12/22/2012 12:03 PM, Nikolay Denev wrote:
> 
> On Dec 22, 2012, at 12:51 PM, Eric Leblond <eric at regit.org> wrote:
> 
>> Hello,
>>
>> On Sat, 2012-12-22 at 12:27 +0200, Nikolay Denev wrote:
>>> Hi,
>>>
>>>
>>> I'm experimenting with running suricata in inline mode using IPFW divert on
>>> FreeBSD.
>>> And I had many errors on the console like these:
>>>
>>>
>>>        [100108] 22/12/2012 -- 08:59:32 - (source-ipfw.c:684) <Info>
>>>        (VerdictIPFWThreadExitStats) -- IPFW Processing: - (Verdict0)
>>>        Pkts accepted 4890, dropped 120
>> ...
>>>         ipfw divert socket failed: Permission denied
>>>        [100108] 22/12/2012 -- 09:02:48 - (source-ipfw.c:684) <Info>
>>>        (VerdictIPFWThreadExitStats) -- IPFW Processing: - (Verdict0)
>>>        Pkts accepted 4649, dropped 98
>>>        [100048] 22/12/2012 -- 09:02:48 - (tm-threads.c:2045) <Error>
>>>        (TmThreadRestartThread) -- [ERRCODE:
>>>        SC_ERR_TM_THREADS_ERROR(136)] - thread restarts exceeded
>>>        threshold limit for thread "Verdict0"
>>>
>>>
>>> Turns out, sendto() returns EACCES when sending packets with broadcast
>>> address as destination without SO_BROADCAST flag set on the socket.
>>> I've applied this patch and now there are no more messages like these
>>> and suricata does not crash anymore.
>>
>> Really good catch!
>>
>> Patch seems good to me. Can you do a pull request on github for Victor
>> or do you want me to do so ? (I've already pushed your patch to a
>> branch).
>>
>> BR,
>> -- 
>> Eric Leblond <eric at regit.org>
>> Blog: https://home.regit.org/
>>
> 
> Thanks, I've just opened a pull
> request https://github.com/inliniac/suricata/pull/249

Do we need this for the 1.3.x branch as well?

-- 
---------------------------------------------
Victor Julien
http://www.inliniac.net/
PGP: http://www.inliniac.net/victorjulien.asc
---------------------------------------------
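
An added example, not part of the thread and not Suricata's code: the sendto() failure described above, reproduced on an ordinary UDP socket instead of an IPFW divert socket (an assumption, so that it runs without root or FreeBSD). The helper names `send_probe` and `broadcast_enabled`, the port and the payload are constructed for illustration.

```c
#include <arpa/inet.h>
#include <errno.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Returns 1 if SO_BROADCAST is set on fd, 0 if not, -1 on error. */
int broadcast_enabled(int fd)
{
    int val = 0;
    socklen_t len = sizeof(val);
    if (getsockopt(fd, SOL_SOCKET, SO_BROADCAST, &val, &len) < 0)
        return -1;
    return val != 0;
}

/* Sends one datagram to dst, port 9 (constructed target).
 * Returns 0 on success, otherwise the errno of the failing call. */
int send_probe(const char *dst, int allow_broadcast)
{
    static const char payload[] = "probe";
    struct sockaddr_in sin;
    int on = 1, rc = 0;
    int fd = socket(AF_INET, SOCK_DGRAM, 0);

    if (fd < 0)
        return errno;
    memset(&sin, 0, sizeof(sin));
    sin.sin_family = AF_INET;
    sin.sin_port = htons(9);
    if (inet_pton(AF_INET, dst, &sin.sin_addr) != 1)
        rc = EINVAL;
    /* The fix discussed in the thread: opt in to broadcast before sending. */
    else if (allow_broadcast &&
             setsockopt(fd, SOL_SOCKET, SO_BROADCAST, &on, sizeof(on)) < 0)
        rc = errno;
    else if (sendto(fd, payload, sizeof(payload), 0,
                    (struct sockaddr *)&sin, sizeof(sin)) < 0)
        rc = errno; /* EACCES here when the flag is missing and a route exists */
    close(fd);
    return rc;
}

int main(void)
{
    int off = send_probe("255.255.255.255", 0);
    int on = send_probe("255.255.255.255", 1);
    printf("without SO_BROADCAST: %s\n", off ? strerror(off) : "sent");
    printf("with SO_BROADCAST:    %s\n", on ? strerror(on) : "sent");
    return 0;
}
```

On a host with no usable route the first call can report a routing error instead of EACCES; in either case the datagram is not sent without the flag.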



