[Oisf-users] Suricata - Write to ipfw divert socket failed

[Özkan KIRIK]

I tried to compile both clang and gcc. Result was same.

This error appears sometimes. Not for all packets.

There is only one rule : pass ip any any -> any any
 6 Mar 2014 00:49 tarihinde "Özkan KIRIK" <ozkan.kirik at gmail.com> yazdı:

> Hi,
>
> I was running suricata with these arguments;
>
> suricata -vv -d 8000
>
> ipfw add divert 8000 all from any to 10.2.2.10
> ipfw add divert 8000 all from 10.2.2.10 to any
> 6 Mar 2014 00:45 tarihinde "Shirkdog" <shirkdog at gmail.com> yazdı:
>
>> Do you have ipfw setup with the divert socket set to a port?
>> On Mar 5, 2014 5:17 PM, "Özkan KIRIK" <ozkan.kirik at gmail.com> wrote:
>>
>>> Hi,
>>>
>>> I'm using FreeBSD 10 ipfw and ipdivert enabled.
>>> I tried suricata v.1.4.6, v1.4.7 and also 2.0rc1.
>>>
>>> All versions throws this error sometimes "<Warning> - [ERRCODE:
>>> SC_WARN_IPFW_XMIT(84)] - Write to ipfw divert socket failed: Permission
>>> denied"
>>> After a while, thread restart threshold exceeded and suricata completely
>>> shutdown.
>>>
>>> I was diverted only 1 host to suricata. But still gives this error.
>>>
>>> It's strange, I inspected the source-ipfw.c file. The problem about
>>> injecting packet back to divert socket.
>>>
>>> errno = 13 - EACCESS.
>>>
>>> I saw that SO_BROADCAST option was set to socket.
>>>
>>> How can i debug this situation, or any solutions?
>>>
>>> Best regards
>>>
>>> _______________________________________________
>>> Suricata IDS Users mailing list: oisf-users at openinfosecfoundation.org
>>> Site: http://suricata-ids.org | Support:
>>> http://suricata-ids.org/support/
>>> List:
>>> https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
>>> OISF: http://www.openinfosecfoundation.org/
>>>
>>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openinfosecfoundation.org/pipermail/oisf-users/attachments/20140306/7687efab/attachment-0002.html>