[Oisf-users] Write to ipfw divert socket failed: Permission denied

Oliver Humpage oliver at watershed.co.uk
Thu Sep 24 11:18:43 UTC 2015

> On 24 Sep 2015, at 11:27, Olivier Cochard-Labbé <olivier at cochard.me> wrote:
> I'm using FreeBSD (11-head) and suricata 2.0.8 in ipfw divert mode.
> This setup works great in a lab with very few IP flows (just some ping and manual telnet to port 80 for testing the IDS signature).
> But once deployed in a real environment, it only needs one workstation to crash suricata in a few seconds.

I didn’t get the same errors, but I found suricata + divert + FreeBSD 10 to be unstable and keep ramping up ludicrous load averages.

Solution was to switch to using netmap (thanks @gureedo), which is in the main git repo now. I’ve tested on FreeBSD 10 and it seems to work perfectly (and much, much quicker than ipfw+divert). I’ve not deployed it into production yet because I’m waiting for a proper release of suricata, rather than just installing the master branch, but if you’re running 11-head that might not matter to you :)


