From: samira
To: freebsd-ipfw@freebsd.org
Date: Mon, 25 Apr 2016 00:31:19 -0700 (MST)
Subject: Re: Whether IPFW generates " No buffer space available " error ?
Message-ID: <1461569479635-6094082.post@n5.nabble.com>
In-Reply-To: <1461504507.3722666.587983145.7C4C681F@webmail.messagingengine.com>
List-Id: IPFW Technical Discussions

Mark Felder wrote
> On Sat, Apr 23, 2016, at 01:46, samira wrote:
>> Hi everyone,
>> I am using FreeBSD 9.2 and defining a rule in ipfw that diverts tcp packets on
>> port 80 to port 8000, to be reviewed by suricata.
>> ipfw list:
>> 01901 divert 8000 tcp from any to any dst-port 80
>>
>> And then the packets are sent by altq to the defined queue
>> ipfw list:
>> 03009 skipto 3011 tcp from any to any dst-port 80
>> 03010 skipto 3012 ip from any to any
>> 03011 allow altq http-gbeth3-out ip from any to any via gbeth3 out
>>
>> And we limit bandwidth in pf.conf for http traffic
>> pf.conf:
>> queue http-gbeth3-out bandwidth 50Kb hfsc ( upperlimit 50Kb )
>>
>> When huge amounts of http packets are transmitted and the pf action is to
>> drop packets, suricata crashes and the following message appears in the
>> suricata.log file:
>>
>> - [ERRCODE: SC_WARN_IPFW_XMIT(84)] - Write to ipfw divert socket failed: No buffer space available
>>
>> Has anyone dealt with this issue?
>>
>> There is a similar problem:
>> When sending ICMP packets to the queue and sending ping from the interface,
>> this problem is also seen and the following message is displayed:
>> ping: sendto: No buffer space available
>>
>> If the specified bandwidth is increased and no packets are dropped, this
>> problem does not occur.
>>
>> Thank you for all of your comments and help.
>
> I ran into this "No buffer space available" problem when I was first
> setting up QoS on my IPFW firewall. The problem ended up being an issue
> with my IPFW/QoS rules combined with my NAT; the order of my rules was
> incorrect and I think packets kept getting reprocessed. I can't be sure
> of the issue in your situation, but you may want to carefully review
> your entire ruleset. Remember that IPFW is "first match wins".
>
> --
> Mark Felder
> ports-secteam member
> feld@

We have a common point in IPFW and QoS, but I use one rule in ipfw to divert
packets to suricata on port 8000. What is your NAT config?
Are you using an ipfw rule for NAT? And is it possible to send me your rules
from before and after the problem was solved?

Also, I changed my scenario and now I have 3 rules, but I again see the
"no buffer space ..." warning in suricata.log. All of my rules are:

01900 divert 8000 tcp from any to any dst-port 80
ipfw pipe 1 config bw 40Kbit
02000 pipe 1 tcp from any to any dst-port 80 via gbeth3 out
65535 allow ip from any to any
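
The ENOBUFS failure reported in this thread, seen from the side of a program that writes inspected packets back to an ipfw divert socket, as an added example (not part of the original message and not Suricata's code). The names reinject_packet, reinject_stats and the stub senders are hypothetical, and counting ENOBUFS as a dropped packet rather than a fatal error is an assumed policy.

```c
#include <errno.h>
#include <stdio.h>
#include <sys/types.h>
#include <sys/socket.h>

enum reinject_result { REINJECT_SENT, REINJECT_DROPPED, REINJECT_FATAL };
struct reinject_stats { unsigned long sent, dropped_enobufs, fatal; };

/* Same signature as sendto(2), so a stub can stand in for the divert socket. */
typedef ssize_t (*sendto_fn)(int, const void *, size_t, int,
                             const struct sockaddr *, socklen_t);

/* Write one inspected packet back; addr is what recvfrom() returned for it.
 * ENOBUFS is counted as a dropped packet (assumed policy), not a fatal error. */
enum reinject_result
reinject_packet(sendto_fn send_fn, int fd, const void *pkt, size_t len,
                const struct sockaddr *addr, socklen_t addrlen,
                struct reinject_stats *st)
{
    for (;;) {
        ssize_t n = send_fn(fd, pkt, len, 0, addr, addrlen);
        if (n == (ssize_t)len) { st->sent++; return REINJECT_SENT; }
        if (n < 0 && errno == EINTR) continue;   /* interrupted: retry */
        if (n < 0 && errno == ENOBUFS) {         /* queue full: count a drop */
            st->dropped_enobufs++;
            return REINJECT_DROPPED;
        }
        st->fatal++;                             /* any other failure */
        return REINJECT_FATAL;
    }
}

/* Constructed stand-ins for sendto(2); no real divert socket is opened. */
static ssize_t stub_ok(int fd, const void *b, size_t n, int fl,
                       const struct sockaddr *a, socklen_t al)
{ (void)fd; (void)b; (void)fl; (void)a; (void)al; return (ssize_t)n; }

static ssize_t stub_enobufs(int fd, const void *b, size_t n, int fl,
                            const struct sockaddr *a, socklen_t al)
{ (void)fd; (void)b; (void)n; (void)fl; (void)a; (void)al; errno = ENOBUFS; return -1; }

int main(void)
{
    struct reinject_stats st = {0, 0, 0};
    unsigned char pkt[40] = {0};             /* constructed placeholder packet */
    reinject_packet(stub_ok, -1, pkt, sizeof pkt, NULL, 0, &st);
    reinject_packet(stub_enobufs, -1, pkt, sizeof pkt, NULL, 0, &st);
    printf("sent=%lu dropped=%lu\n", st.sent, st.dropped_enobufs);
    return 0;
}
```

A rising dropped_enobufs counter while the pipe or queue is saturated matches the condition described in the thread, where the error disappears once the bandwidth limit is raised.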