Whether IPFW generates "No buffer space available" error?
samira
nazari.s11 at gmail.com
Mon Apr 25 07:31:27 UTC 2016
Mark Felder wrote
> On Sat, Apr 23, 2016, at 01:46, samira wrote:
>> Hi everyone,
>> I am using FreeBSD 9.2 and have defined a rule in ipfw that diverts tcp
>> packets on port 80 to port 8000, where they will be reviewed by suricata.
>> ipfw list:
>> 01901 divert 8000 tcp from any to any dst-port 80
>>
>> And then the packets are sent by altq to the defined queue
>> ipfw list:
>> 03009 skipto 3011 tcp from any to any dst-port 80
>> 03010 skipto 3012 ip from any to any
>> 03011 allow altq http-gbeth3-out ip from any to any via gbeth3 out
>>
>> And we limit bandwidth in pf.conf for http traffic
>> pf.conf:
>> queue http-gbeth3-out bandwidth 50Kb hfsc ( upperlimit 50Kb )
>>
>> When huge amounts of http packets are transmitted and the pf action is to
>> drop packets, suricata crashes and the following message appears in the
>> suricata.log file:
>>
>> <Warning> - [ERRCODE: SC_WARN_IPFW_XMIT(84)] - Write to ipfw divert socket failed: No buffer space available
>>
>> Has anyone dealt with this issue?
>>
>> There is a similar problem:
>> When sending ICMP packets to the queue and sending ping from the
>> interface, this problem is also seen and the following message is
>> displayed:
>> ping: sendto: No buffer space available
>>
>>
>> If the specified bandwidth is increased and no packets are dropped, this
>> problem does not occur.
>>
>> Thank you for all of your comments and help.
>>
>>
>
> I ran into this "No buffer space available" problem when I was first
> setting up QoS on my IPFW firewall. The problem ended up being an issue
> with my IPFW/QoS rules combined with my NAT; the order of my rules was
> incorrect and I think packets kept getting reprocessed. I can't be sure
> of the issue in your situation, but you may want to carefully review
> your entire ruleset. Remember that IPFW is "first match wins".
>
> --
> Mark Felder
> ports-secteam member
>
> feld@
We have a common point in IPFW and QoS, but I use one rule in ipfw to divert
packets to suricata on port 8000. What is your NAT config? Do you use an ipfw
rule for NAT?
And is it possible to send me your rules from before and after that problem
was solved?
Also, I changed my scenario and now I have 3 rules, but I again see the
"no buffer space ..." warning in suricata.log.
All of my rules are:
01900 divert 8000 tcp from any to any dst-port 80
ipfw pipe 1 config bw 40Kbit
02000 pipe 1 tcp from any to any dst-port 80 via gbeth3 out
65535 allow ip from any to any