[Oisf-devel] [Oisf-users] Suricata - Write to ipfw divert socket failed
Eric Leblond
eric at regit.org
Wed Mar 5 23:02:41 UTC 2014
Hi,
On Thu, 2014-03-06 at 00:55 +0200, Özkan KIRIK wrote:
> I tried to compile with both clang and gcc. The result was the same.
>
> This error appears sometimes. Not for all packets.
>
> There is only one rule : pass ip any any -> any any
There is an old memory coming back to me. Not sure, but I think this is
linked with non-routable packets reaching the filter (packets going to the
box, for example). And there is a failure at reinject because the packet
can't be sent.
BR,
>
>
> On 6 Mar 2014 00:49, "Özkan KIRIK" <ozkan.kirik at gmail.com>
> wrote:
> Hi,
>
> I was running suricata with these arguments:
>
> suricata -vv -d 8000
>
> ipfw add divert 8000 all from any to 10.2.2.10
> ipfw add divert 8000 all from 10.2.2.10 to any
>
> On 6 Mar 2014 00:45, "Shirkdog" <shirkdog at gmail.com>
> wrote:
> Do you have ipfw set up with the divert socket set to a
> port?
>
> On Mar 5, 2014 5:17 PM, "Özkan KIRIK"
> <ozkan.kirik at gmail.com> wrote:
> Hi,
>
>
> I'm using FreeBSD 10 with ipfw and ipdivert
> enabled.
> I tried suricata v.1.4.6, v1.4.7 and also
> 2.0rc1.
>
>
> All versions throw this error sometimes:
> "<Warning> - [ERRCODE: SC_WARN_IPFW_XMIT(84)]
> - Write to ipfw divert socket failed:
> Permission denied"
> After a while, the thread restart threshold is
> exceeded and suricata shuts down completely.
>
>
> I diverted only 1 host to suricata, but it
> still gives this error.
>
>
> It's strange. I inspected the source-ipfw.c
> file. The problem is about injecting the packet back
> to the divert socket.
>
>
> errno = 13 - EACCES.
>
>
> I saw that the SO_BROADCAST option was set on
> the socket.
>
>
> How can I debug this situation, or are there any
> solutions?
>
>
> Best regards
>
--
Eric Leblond <eric at regit.org>
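
One way to check the hypothesis in the reply above (that the failing reinjects are packets addressed to the box itself), added here as an example and not taken from Suricata's source-ipfw.c. The helper name `diagnose_failed_reinject`, the caller-supplied list of local addresses and the sample packet are hypothetical and constructed for illustration.

```c
#include <arpa/inet.h>
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>

/* Result of inspecting a packet whose reinjection failed. */
enum reinject_diag { DIAG_NOT_IPV4 = -1, DIAG_DST_REMOTE = 0, DIAG_DST_LOCAL = 1 };

/* Constructed sample: 20-byte IPv4 header, proto 6 (TCP), 192.0.2.7 -> 10.2.2.10. */
static const uint8_t sample_pkt[20] = {
    0x45, 0, 0, 20, 0, 0, 0, 0, 64, 6, 0, 0,
    192, 0, 2, 7, 10, 2, 2, 10 };

/*
 * Hypothetical helper: call it when sendto() on the divert socket fails.
 * pkt/len : the packet that was being written back
 * local/n : this host's IPv4 addresses, network byte order (caller supplies)
 * err     : errno saved right after the failed sendto()
 * msg     : receives a one-line description suitable for a log
 */
enum reinject_diag diagnose_failed_reinject(const uint8_t *pkt, size_t len,
                                            const in_addr_t *local, size_t n,
                                            int err, char *msg, size_t msglen)
{
    /* Need a full minimal IPv4 header with version nibble 4. */
    if (len < 20 || (pkt[0] >> 4) != 4) {
        snprintf(msg, msglen, "reinject failed (%s): not an IPv4 packet",
                 strerror(err));
        return DIAG_NOT_IPV4;
    }
    struct in_addr src, dst;
    memcpy(&src, pkt + 12, 4);   /* source address field */
    memcpy(&dst, pkt + 16, 4);   /* destination address field */

    char s[INET_ADDRSTRLEN], d[INET_ADDRSTRLEN];
    inet_ntop(AF_INET, &src, s, sizeof s);
    inet_ntop(AF_INET, &dst, d, sizeof d);

    /* Is the destination one of the box's own addresses? */
    enum reinject_diag r = DIAG_DST_REMOTE;
    for (size_t i = 0; i < n; i++)
        if (local[i] == dst.s_addr)
            r = DIAG_DST_LOCAL;

    snprintf(msg, msglen, "reinject failed (%s): proto=%u %s -> %s dst_is_local=%d",
             strerror(err), (unsigned)pkt[9], s, d, r == DIAG_DST_LOCAL);
    return r;
}
```

If every logged failure shows `dst_is_local=1`, that supports the explanation given in the reply; failures with `dst_is_local=0` point elsewhere.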