From owner-freebsd-ipfw@freebsd.org Sat Apr 23 06:46:43 2016 Return-Path: Delivered-To: freebsd-ipfw@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 327A2B181F0 for ; Sat, 23 Apr 2016 06:46:43 +0000 (UTC) (envelope-from nazari.s11@gmail.com) Received: from mbob.nabble.com (mbob.nabble.com [162.253.133.15]) by mx1.freebsd.org (Postfix) with ESMTP id 240E01E09 for ; Sat, 23 Apr 2016 06:46:43 +0000 (UTC) (envelope-from nazari.s11@gmail.com) Received: from msam.nabble.com (unknown [162.253.133.85]) by mbob.nabble.com (Postfix) with ESMTP id 0694125F3430 for ; Fri, 22 Apr 2016 23:32:51 -0700 (PDT) Date: Fri, 22 Apr 2016 23:46:40 -0700 (MST) From: samira To: freebsd-ipfw@freebsd.org Message-ID: <1461394000058-6093661.post@n5.nabble.com> Subject: Whether IPFW generates " No buffer space available " error ? MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 23 Apr 2016 06:46:43 -0000 Hi everyone, I using FreeBSD9.2 and defining a rule in ipfw that divert tcp packets on port 80 to port 8000 and by suricata will be reviewed. ipfw list: 01901 divert 8000 tcp from any to any dst-port 80 And then the packets is sent by altq to queue defined ipfw list: 03009 skipto 3011 tcp from any to any dst-port 80 03010 skipto 3012 ip from any to any 03011 allow altq http-gbeth3-out ip from any to any via gbeth3 out And we limit bandwidth in pf.conf for http traffic pf.conf: queue http-gbeth3-out bandwidth 50Kb hfsc ( upperlimit 50Kb ) When the transmission of huge amounts of http packets and pf action is to drop packets, suricata crash and the following message appears in the suricata.log file: - [ERRCODE: SC_WARN_IPFW_XMIT(84)] - Write to ipfw divert socket failed: No buffer space available Has anyone dealt with this issue? There is a similar problem: By sending ICMP packets to the queue and send ping from the interface also seen this problem and the following message is displayed: ping: sendto: No buffer space available If the specified bandwidth increased and not drop any packets, this problem does not occur. Thank you for all of your comments and help. -- View this message in context: http://freebsd.1045724.n5.nabble.com/Whether-IPFW-generates-No-buffer-space-available-error-tp6093661.html Sent from the freebsd-ipfw mailing list archive at Nabble.com.