Date: Mon, 25 Apr 2016 17:25:16 +0200 From: Kristof Provost <kp@FreeBSD.org> To: samira <nazari.s11@gmail.com> Cc: freebsd-pf@freebsd.org Subject: Re: Whether pf generates " No buffer space available " error ? Message-ID: <20160425152516.GB3891@vega.codepro.be> In-Reply-To: <1461393809421-6093660.post@n5.nabble.com> References: <1461393809421-6093660.post@n5.nabble.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On 2016-04-22 23:43:29 (-0700), samira <nazari.s11@gmail.com> wrote: > I using FreeBSD9.2 It's worth noting that FreeBSD 9.2 is no longer supported (and hasn't been since the end of 2014). You really should upgrade to something with security support. That could be 9.3, but that release will only be supported until the end of 2016, so you might want to jump straight to 10.3 (supported until April 30, 2018). > When the transmission of huge amounts of http packets and pf action is to > drop packets, suricata crash and the following message appears in the > suricata.log file: > <Warning> - [ERRCODE: SC_WARN_IPFW_XMIT(84)] - Write to ipfw divert socket > failed: No buffer space available > > Has anyone dealt with this issue? > > There is a similar problem: > By sending ICMP packets to the queue and send ping from the interface also > seen this problem and the following message is displayed: > ping: sendto: No buffer space available > I've never seen this before, but it looks like you're running out of memory. Perhaps the queue is not getting limited the way it should be, and the traffic just piles up, until it's used all of the memory and things start breaking. Or perhaps the dropped packets are not freed, and we're leaking memory that way. > If the specified bandwidth increased and not drop any packets, this problem > does not occur. > That is consistent with both hypotheses, yes. The output of 'netstat -m' before and after you've encountered the problem should help to confirm that. Can you reproduce this on a supported release, or (ideally) on current? Regards, Kristof
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20160425152516.GB3891>