Date: Mon, 25 Apr 2016 00:31:19 -0700 (MST) From: samira <nazari.s11@gmail.com> To: freebsd-ipfw@freebsd.org Subject: Re: Whether IPFW generates " No buffer space available " error ? Message-ID: <1461569479635-6094082.post@n5.nabble.com> In-Reply-To: <1461504507.3722666.587983145.7C4C681F@webmail.messagingengine.com> References: <1461394000058-6093661.post@n5.nabble.com> <1461504507.3722666.587983145.7C4C681F@webmail.messagingengine.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Mark Felder wrote > On Sat, Apr 23, 2016, at 01:46, samira wrote: >> Hi everyone, >> I using FreeBSD9.2 and defining a rule in ipfw that divert tcp packets on >> port 80 to port 8000 and by suricata will be reviewed. >> ipfw list: >> 01901 divert 8000 tcp from any to any dst-port 80 >> >> And then the packets is sent by altq to queue defined >> ipfw list: >> 03009 skipto 3011 tcp from any to any dst-port 80 >> 03010 skipto 3012 ip from any to any >> 03011 allow altq http-gbeth3-out ip from any to any via gbeth3 out >> >> And we limit bandwidth in pf.conf for http traffic >> pf.conf: >> queue http-gbeth3-out bandwidth 50Kb hfsc ( upperlimit 50Kb ) >> >> When the transmission of huge amounts of http packets and pf action is to >> drop packets, suricata crash and the following message appears in the >> suricata.log file: >> > <Warning> > - [ERRCODE: SC_WARN_IPFW_XMIT(84)] - Write to ipfw divert >> socket >> failed: No buffer space available >> >> Has anyone dealt with this issue? >> >> There is a similar problem: >> By sending ICMP packets to the queue and send ping from the interface >> also >> seen this problem and the following message is displayed: >> ping: sendto: No buffer space available >> >> >> If the specified bandwidth increased and not drop any packets, this >> problem >> does not occur. >> >> Thank you for all of your comments and help. >> >> > > I ran into this "No buffer space available" problem when I was first > setting up QoS on my IPFW firewall. The problem ended up being an issue > with my IPFW/QoS rules combined with my NAT; the order of my rules was > incorrect and I think packets kept getting reprocessed. I can't be sure > of the issue in your situation, but you may want to carefully review > your entire ruleset. Remember that IPFW is "first match wins". > > -- > Mark Felder > ports-secteam member > > feld@ > _______________________________________________ > freebsd-ipfw@ > mailing list > https://lists.freebsd.org/mailman/listinfo/freebsd-ipfw > To unsubscribe, send any mail to " > freebsd-ipfw-unsubscribe@ > " We have common point in IPFW and QOS, but i use one rule in ipfw for divert packets to suricata in port 8000, what is your NAT config ? are you use ipfw rule for NAT? And is possible send me your rules before and after that problem is solved? Also i changed my scenario and now i have 3 rules but i see again "no buffer space ..." warning in suricata.log. all of my rules are: 01900 divert 8000 tcp from any to any dst-port 80 ipfw pipe 1 config bw 40Kbit 02000 pipe 1 tcp from any to any dst-port 80 via gbeth3 out 65535 allow ip from any to any -- View this message in context: http://freebsd.1045724.n5.nabble.com/Whether-IPFW-generates-No-buffer-space-available-error-tp6093661p6094082.html Sent from the freebsd-ipfw mailing list archive at Nabble.com.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?1461569479635-6094082.post>