[Bug 264739] send(2) doesn't document EAFNOSUPPORT error

In reply to: bugzilla-noreply_a_freebsd.org: "[Bug 264739] send(2) doesn't document EAFNOSUPPORT error"
Go to: [ bottom of page ] [ top of archives ] [ this month ]

From: <bugzilla-noreply_at_freebsd.org>
Date: Thu, 30 Jun 2022 21:37:10 UTC

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=264739

Peter Much <pmc@citylink.dinoex.sub.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |pmc@citylink.dinoex.sub.org

--- Comment #5 from Peter Much <pmc@citylink.dinoex.sub.org> ---
I was just hit by this bug also, as it crashes my IPS:

suricata[13989]: [105773] <Warning> -- [ERRCODE: SC_WARN_IPFW_XMIT(84)] - Write
to ipfw divert socket failed: Address family not supported by protocol family
suricata[13989]: [105588] <Error> -- [ERRCODE: SC_ERR_FATAL(171)] - thread
W-8677 failed

This happens every time at the moment when an SMTP connection via IPv6 switches
to STARTTLS. (I can do it manually in telnet: the connection builds up
normally, and after I type in STARTTLS on the client side, the crash happens.)

I do not see why the protocol family of an active tcp session on port 25 would
change when deciding to do TLS.

For now I have changed the IPS to ignore this errorcode, and apparently that
helps - a mail went through successfully, with no anomalies visible in tcpdump.

I'll attach my patch on security/suricata

-- 
You are receiving this mail because:
You are on the CC list for the bug.