
    Layer 7 issues on 2.1.5

    wraezor

      Hey folks,

      We've been trying to implement some Layer7 filtering, but have come across an issue that is preventing it from working properly for, seemingly, any protocols.

      ```
      <l7shaper><container><container><name>WEB</name>
          <enabled>on</enabled>
          <divert_port>47194</divert_port>
          <l7rules><protocol>http</protocol>
              <structure>action</structure>
              <behaviour>block</behaviour></l7rules></container></container></l7shaper>
      ```
      
      ```
      May 5 15:36:03 	ipfw-classifyd: Reloading config...
      May 5 15:36:03 	ipfw-classifyd: Loaded Protocol: http (rule action block)
      May 5 15:36:09 	ipfw-classifyd: unable to write to divert socket: Invalid argument
      May 5 15:36:17 	ipfw-classifyd: unable to write to divert socket: Invalid argument
      May 5 15:36:17 	ipfw-classifyd: unable to write to divert socket: Invalid argument
      May 5 15:36:18 	ipfw-classifyd: unable to write to divert socket: Invalid argument
      May 5 15:36:18 	ipfw-classifyd: unable to write to divert socket: Invalid argument
      May 5 15:36:19 	ipfw-classifyd: unable to write to divert socket: Invalid argument
      May 5 15:36:19 	ipfw-classifyd: unable to write to divert socket: Invalid argument
      ```
      

      Divert socket is there:

      ```
      [2.1.5-RELEASE][admin@route1]/root(282): netstat -lna | grep div
      div4       0      0 *.47195                *.*
      ```
      
      And the log messages just go on and on. This seems to be an actual issue and not a red herring. I have tried other protocols (including removing http) and it's the same issue. Am I doing something wrong? Or is there a fix for this? I found some other posts with similar issues in 2.0, but didn't find any solutions.

        KOM

        You have an error in your XML.  Get rid of the part in red:

        ```
        <l7shaper><container><container><name>WEB</name>
        <enabled>on</enabled>
        <divert_port>47194</divert_port>
        <l7rules><protocol>http</protocol>
        <structure>action</structure>
        <behaviour>block</behaviour></l7rules></container></container></l7shaper>
        ```

        Save it and restore your shaper config.  I had something similar to this before in one of my XML files.

          wraezor

          Cleaned up the XML but still having the same issue.

          ```
          ipfw-classifyd: unable to write to divert socket: Invalid argument
          ```
          

          I am trying against even IRC now, which seems to be a pretty simple protocol to identify and it's not working.

          ```
          <l7shaper><container><name>IRC</name>
              <enabled>on</enabled>
              <divert_port>44814</divert_port>
              <l7rules><protocol>irc</protocol>
                  <structure>action</structure>
                  <behaviour>block</behaviour></l7rules></container></l7shaper>
          ```
          

          Any other ideas?

            KOM

            I have never used the L7 stuff, but just wanted to point out the bug in your XML.
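
Added example, not part of the original thread or of pfSense: a Python check that parses the `<l7shaper>` fragments quoted above, flags a `<container>` nested directly inside another `<container>` (the difference between the first post's XML and the cleaned-up version in the third post), and lists any enabled `divert_port` with no `div` socket in the pasted `netstat -lna` output. The function names are hypothetical, the inputs are copied from the posts, and treating the configured port as the one a divert socket should be bound to is an assumption.

```python
import re
import xml.etree.ElementTree as ET

# Inputs copied from the thread: first post's config, its netstat line, the later IRC config.
WEB_XML = ("<l7shaper><container><container><name>WEB</name><enabled>on</enabled>"
           "<divert_port>47194</divert_port><l7rules><protocol>http</protocol>"
           "<structure>action</structure><behaviour>block</behaviour></l7rules>"
           "</container></container></l7shaper>")
IRC_XML = ("<l7shaper><container><name>IRC</name><enabled>on</enabled>"
           "<divert_port>44814</divert_port><l7rules><protocol>irc</protocol>"
           "<structure>action</structure><behaviour>block</behaviour></l7rules>"
           "</container></l7shaper>")
NETSTAT = "div4       0      0 *.47195                *.*\n"


def check_l7shaper(xml_text):
    """Return (findings, containers) for an <l7shaper> config fragment."""
    findings, containers = [], []
    for c in ET.fromstring(xml_text).iter("container"):
        if c.find("container") is not None:
            # Wrapper element holding another <container>: report it, parse the inner one.
            findings.append("container nested directly inside container")
            continue
        port = (c.findtext("divert_port") or "").strip()
        containers.append({
            "name": c.findtext("name"),
            "enabled": c.findtext("enabled") == "on",
            "divert_port": int(port) if port.isdigit() else None,
            "protocols": [r.findtext("protocol") for r in c.findall("l7rules")],
        })
    return findings, containers


def divert_ports(netstat_text):
    """Ports of divert sockets (lines starting with 'div') in `netstat -lna` output."""
    return {int(p) for p in
            re.findall(r"^\s*div\d*\s+\d+\s+\d+\s+\*\.(\d+)", netstat_text, re.M)}


def ports_without_socket(containers, listening):
    """Assumption: each enabled container's divert_port should have a divert socket."""
    return sorted(c["divert_port"] for c in containers
                  if c["enabled"] and c["divert_port"] is not None
                  and c["divert_port"] not in listening)


if __name__ == "__main__":
    for label, xml_text in (("WEB", WEB_XML), ("IRC", IRC_XML)):
        findings, containers = check_l7shaper(xml_text)
        print(label, findings, ports_without_socket(containers, divert_ports(NETSTAT)))
```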
