Skip site navigation (1)Skip section navigation (2) 
Date:      Sun, 24 Apr 2016 08:28:27 -0500
From:      Mark Felder <feld@FreeBSD.org>
To:        samira <nazari.s11@gmail.com>, freebsd-ipfw@freebsd.org
Subject:   Re: Whether IPFW generates " No buffer space available " error ?
Message-ID:  <1461504507.3722666.587983145.7C4C681F@webmail.messagingengine.com>
In-Reply-To: <1461394000058-6093661.post@n5.nabble.com>
References:  <1461394000058-6093661.post@n5.nabble.com>
next in thread | previous in thread | raw e-mail | index | archive | help 


On Sat, Apr 23, 2016, at 01:46, samira wrote:
> Hi everyone,
> I using FreeBSD9.2 and defining a rule in ipfw that divert tcp packets on
> port 80 to port 8000 and by suricata will be reviewed.
> ipfw list:
> 01901 divert 8000 tcp from any to any dst-port 80
> 
> And then the packets is sent by altq to queue defined
> ipfw list:
> 03009 skipto 3011 tcp from any to any dst-port 80
> 03010 skipto 3012 ip from any to any
> 03011 allow altq http-gbeth3-out ip from any to any via gbeth3 out
> 
> And we limit bandwidth in pf.conf for http traffic
> pf.conf:
> queue http-gbeth3-out bandwidth 50Kb  hfsc (  upperlimit 50Kb )
> 
> When the transmission of huge amounts of http packets and pf action is to
> drop packets, suricata crash and the following message appears in the
> suricata.log file:
> <Warning> - [ERRCODE: SC_WARN_IPFW_XMIT(84)] - Write to ipfw divert
> socket
> failed: No buffer space available
> 
> Has anyone dealt with this issue?
> 
> There is a similar problem:
> By sending ICMP packets to the queue and send ping from the interface
> also
> seen this problem  and the following message is displayed:
>  ping: sendto: No buffer space available
> 
> 
> If the specified bandwidth increased and not drop any packets, this
> problem
> does not occur.
> 
> Thank you for all of your comments and help. 
> 
> 

I ran into this "No buffer space available" problem when I was first
setting up QoS on my IPFW firewall. The problem ended up being an issue
with my IPFW/QoS rules combined with my NAT; the order of my rules was
incorrect and I think packets kept getting reprocessed. I can't be sure
of the issue in your situation, but you may want to carefully review
your entire ruleset. Remember that IPFW is "first match wins".

-- 
  Mark Felder
  ports-secteam member
  feld@FreeBSD.org

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?1461504507.3722666.587983145.7C4C681F>