<p dir="ltr">I tried to compile both clang and gcc. Result was same.</p>
<p dir="ltr">This error appears sometimes. Not for all packets.</p>
<p dir="ltr">There is only one rule : pass ip any any -> any any<br>
</p>
<div class="gmail_quote">6 Mar 2014 00:49 tarihinde "Özkan KIRIK" <<a href="mailto:ozkan.kirik@gmail.com">ozkan.kirik@gmail.com</a>> yazdý:<br type="attribution"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<p dir="ltr">Hi,</p>
<p dir="ltr">I was running suricata with these arguments;</p>
<p dir="ltr">suricata -vv -d 8000</p>
<p dir="ltr">ipfw add divert 8000 all from any to 10.2.2.10<br>
ipfw add divert 8000 all from 10.2.2.10 to any</p>
<div class="gmail_quote">6 Mar 2014 00:45 tarihinde "Shirkdog" <<a href="mailto:shirkdog@gmail.com" target="_blank">shirkdog@gmail.com</a>> yazdý:<br type="attribution"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<p dir="ltr">Do you have ipfw setup with the divert socket set to a port?</p>
<div class="gmail_quote">On Mar 5, 2014 5:17 PM, "Özkan KIRIK" <<a href="mailto:ozkan.kirik@gmail.com" target="_blank">ozkan.kirik@gmail.com</a>> wrote:<br type="attribution"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div dir="ltr">Hi,<div><br></div><div>I'm using FreeBSD 10 ipfw and ipdivert enabled.</div><div>I tried suricata v.1.4.6, v1.4.7 and also 2.0rc1.</div><div><br></div><div>All versions throws this error sometimes "<Warning> - [ERRCODE: SC_WARN_IPFW_XMIT(84)] - Write to ipfw divert socket failed: Permission denied"</div>
<div>After a while, thread restart threshold exceeded and suricata completely shutdown.</div><div><br></div><div>I was diverted only 1 host to suricata. But still gives this error.</div><div><br></div><div>It's strange, I inspected the source-ipfw.c file. The problem about injecting packet back to divert socket.</div>
<div><br></div><div>errno = 13 - EACCESS.</div><div><br></div><div>I saw that SO_BROADCAST option was set to socket.</div><div><br></div><div>How can i debug this situation, or any solutions?</div><div><br></div><div>Best regards</div>
</div>
<br>_______________________________________________<br>
Suricata IDS Users mailing list: <a href="mailto:oisf-users@openinfosecfoundation.org" target="_blank">oisf-users@openinfosecfoundation.org</a><br>
Site: <a href="http://suricata-ids.org" target="_blank">http://suricata-ids.org</a> | Support: <a href="http://suricata-ids.org/support/" target="_blank">http://suricata-ids.org/support/</a><br>
List: <a href="https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users" target="_blank">https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users</a><br>
OISF: <a href="http://www.openinfosecfoundation.org/" target="_blank">http://www.openinfosecfoundation.org/</a><br></blockquote></div>
</blockquote></div>
</blockquote></div>