[Oisf-users] Suricata - Write to ipfw divert socket failed

Özkan KIRIK ozkan.kirik at gmail.com
Wed Mar 5 22:49:45 UTC 2014


Hi,

I was running suricata with these arguments:

suricata -vv -d 8000

ipfw add divert 8000 all from any to 10.2.2.10
ipfw add divert 8000 all from 10.2.2.10 to any

On 6 Mar 2014 00:45, "Shirkdog" <shirkdog at gmail.com> wrote:

> Do you have ipfw set up with the divert socket set to a port?
> On Mar 5, 2014 5:17 PM, "Özkan KIRIK" <ozkan.kirik at gmail.com> wrote:
>
>> Hi,
>>
>> I'm using FreeBSD 10 with ipfw and ipdivert enabled.
>> I tried suricata v.1.4.6, v1.4.7 and also 2.0rc1.
>>
>> All versions throw this error sometimes "<Warning> - [ERRCODE:
>> SC_WARN_IPFW_XMIT(84)] - Write to ipfw divert socket failed: Permission
>> denied"
>> After a while, the thread restart threshold is exceeded and suricata
>> completely shuts down.
>>
>> I diverted only 1 host to suricata, but it still gives this error.
>>
>> It's strange. I inspected the source-ipfw.c file. The problem is with
>> injecting the packet back to the divert socket.
>>
>> errno = 13 - EACCES.
>>
>> I saw that SO_BROADCAST option was set to socket.
>>
>> How can I debug this situation, or are there any solutions?
>>
>> Best regards
>>
>> _______________________________________________
>> Suricata IDS Users mailing list: oisf-users at openinfosecfoundation.org
>> Site: http://suricata-ids.org | Support: http://suricata-ids.org/support/
>> List: https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
>> OISF: http://www.openinfosecfoundation.org/
>>
>