On Sat, Jan 31, 2026 at 01:08:36PM -0800, William B. wrote:
> I am showing no divert listener for the Suricata package despite following
> the package documentation and the listener itself being referenced in the
> Suricata log output.
Looks like divert packet sockets are not exported by the kernel. Diff
below adds this feature.
root@ot29:.../~# suricata -d 700
i: suricata: This is Suricata version 7.0.7 RELEASE running in SYSTEM mode
W: detect: No rule files match the pattern /var/suricata/rules/suricata.rules
W: detect: 1 rule files specified, but no rules were loaded!
i: threads: Threads created -> RX: 1 W: 6 TX: 1 FM: 1 FR: 1 Engine started.
root@ot29:.../~# netstat -an -p divert
Active Internet connections (including servers)
Proto Recv-Q Send-Q Local Address Foreign Address IP-Proto
divert 0 0 *.700 *.* 0
> This prevents IPS functionality from working.
No, there must be some other reason why it does not work for you.
> There is no such listener:
> netstat -an | grep LISTEN
It is not a LISTEN socket, they only exist for TCP. Your grep is
wrong.
bluhm
Index: kern/kern_sysctl.c
===================================================================
RCS file: /mount/openbsd/cvs/src/sys/kern/kern_sysctl.c,v
diff -u -p -r1.483 kern_sysctl.c
--- kern/kern_sysctl.c 23 Sep 2025 08:00:48 -0000 1.483
+++ kern/kern_sysctl.c 3 Feb 2026 10:29:05 -0000
@@ -100,6 +100,7 @@
#include <netinet/tcp_var.h>
#include <netinet/udp.h>
#include <netinet/udp_var.h>
+#include <netinet/ip_divert.h>
#include <netinet6/ip6_var.h>
#ifdef DDB
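Review bot: the new `#include <netinet/ip_divert.h>` is unconditional while the only uses this diff adds (`divbtable`, `divb6table`) sit under `#if NPF > 0`; that is fine if the header is self-contained without pf, but worth confirming with a kernel config that has `NPF` at 0, or guarding the include the same way as its users.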
@@ -1768,6 +1769,12 @@ do {
\
FILLINPTABLE(&rawcbtable);
#ifdef INET6
FILLINPTABLE(&rawin6pcbtable);
+#endif
+#if NPF > 0
+ FILLINPTABLE(&divbtable);
+#ifdef INET6
+ FILLINPTABLE(&divb6table);
+#endif
#endif
}
fp = NULL;
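Review bot: `NPF` is tested here but no `#include "pf.h"` appears in the visible context; if kern_sysctl.c does not already include it, the undefined macro evaluates to 0 inside `#if` and the divert tables are silently left out, which would look exactly like the original report. The nesting also deserves a second look: the added `#endif` closes the existing `#ifdef INET6`, and the pre-existing `#endif` on the last context line now closes the new `#if NPF > 0`; a `/* NPF > 0 */` comment on that closing `#endif` would make the intent obvious to the next reader.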