From: Kristof Provost
To: samira
Cc: freebsd-pf@freebsd.org
Date: Mon, 25 Apr 2016 17:25:16 +0200
Subject: Re: Whether pf generates " No buffer space available " error ?
Message-ID: <20160425152516.GB3891@vega.codepro.be>
In-Reply-To: <1461393809421-6093660.post@n5.nabble.com>

On 2016-04-22 23:43:29 (-0700), samira wrote:
> I am using FreeBSD 9.2

It's worth noting that FreeBSD 9.2 is no longer supported (and hasn't been
since the end of 2014). You really should upgrade to something with security
support.
That could be 9.3, but that release will only be supported until the end of
2016, so you might want to jump straight to 10.3 (supported until April 30,
2018).

> When the transmission of huge amounts of http packets and pf action is to
> drop packets, suricata crash and the following message appears in the
> suricata.log file:
> - [ERRCODE: SC_WARN_IPFW_XMIT(84)] - Write to ipfw divert socket
> failed: No buffer space available
>
> Has anyone dealt with this issue?
>
> There is a similar problem:
> By sending ICMP packets to the queue and send ping from the interface also
> seen this problem and the following message is displayed:
> ping: sendto: No buffer space available
>

I've never seen this before, but it looks like you're running out of memory.
Perhaps the queue is not getting limited the way it should be, and the traffic
just piles up, until it's used all of the memory and things start breaking.
Or perhaps the dropped packets are not freed, and we're leaking memory that
way.

> If the specified bandwidth increased and not drop any packets, this problem
> does not occur.
>

That is consistent with both hypotheses, yes.

The output of 'netstat -m' before and after you've encountered the problem
should help to confirm that.

Can you reproduce this on a supported release, or (ideally) on current?

Regards,
Kristof
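
The before/after 'netstat -m' comparison suggested in the message above, as an added example that is not part of the original e-mail: it reads two saved snapshots and reports whether mbuf cluster usage grew or allocation requests were denied in between. The function names, the verdict labels, the 10% growth threshold and the sample snapshots are assumptions constructed for this illustration.

```sh
#!/bin/sh
# Added example: compare two saved `netstat -m` snapshots (before/after ENOBUFS).

# Print "clusters_in_use clusters_max denied_requests" for one snapshot file.
mbuf_stats() {
    awk '
        / mbuf clusters in use /      { split($1, c, "/"); cur = c[1]; max = c[4] }
        / requests for mbufs denied / { split($1, d, "/"); denied = d[1] + d[2] + d[3] }
        END { printf "%d %d %d\n", cur, max, denied }
    ' "$1"
}

# Classify the change between two snapshots (labels are this example's own):
#   exhausted  the denied-request counters rose between the snapshots
#   growing    no new denials, but clusters in use rose by >= 10% of the max
#              (the 10% threshold is an assumption, tune it for your system)
#   stable     neither of the above
compare_mbuf() {
    set -- $(mbuf_stats "$1") $(mbuf_stats "$2")
    # now: $1 $2 $3 = before cur/max/denied, $4 $5 $6 = after cur/max/denied
    if [ "$6" -gt "$3" ]; then
        echo exhausted
    elif [ "$5" -gt 0 ] && [ $(( ($4 - $1) * 10 )) -ge "$5" ]; then
        echo growing
    else
        echo stable
    fi
}

# Constructed sample snapshots (not real captures), trimmed to the lines used.
tmp=$(mktemp -d) && trap 'rm -rf "$tmp"' EXIT
BEFORE=$tmp/before.txt
AFTER=$tmp/after.txt
cat > "$BEFORE" <<'EOF'
1026/1524/2550 mbufs in use (current/cache/total)
1024/770/1794/25600 mbuf clusters in use (current/cache/total/max)
0/0/0 requests for mbufs denied (mbufs/clusters/mbuf+clusters)
EOF
cat > "$AFTER" <<'EOF'
25610/130/25740 mbufs in use (current/cache/total)
25600/0/25600/25600 mbuf clusters in use (current/cache/total/max)
0/1312/0 requests for mbufs denied (mbufs/clusters/mbuf+clusters)
EOF

echo "before:  $(mbuf_stats "$BEFORE")"
echo "after:   $(mbuf_stats "$AFTER")"
echo "verdict: $(compare_mbuf "$BEFORE" "$AFTER")"
```

On a live system the two files would come from `netstat -m > before.txt` and `netstat -m > after.txt`, taken around the failure.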