On Tue, Feb 03, 2026 at 11:45:40AM +0100, Alexander Bluhm wrote:
> On Sat, Jan 31, 2026 at 01:08:36PM -0800, William B. wrote:
> > I am showing no divert listener for the Suricata package despite following
> > the package documentation and the listener itself being referenced in the
> > Suricata log output.
>
> Looks like divert packet sockets are not exported by kernel. Diff
> below adds this feature.
>
> root@ot29:.../~# suricata -d 700
> i: suricata: This is Suricata version 7.0.7 RELEASE running in SYSTEM mode
> W: detect: No rule files match the pattern /var/suricata/rules/suricata.rules
> W: detect: 1 rule files specified, but no rules were loaded!
> i: threads: Threads created -> RX: 1 W: 6 TX: 1 FM: 1 FR: 1 Engine started.
>
> root@ot29:.../~# netstat -an -p divert
> Active Internet connections (including servers)
> Proto Recv-Q Send-Q Local Address Foreign Address IP-Proto
> divert 0 0 *.700 *.* 0
>
> > This prevents IPS functionality from working.
>
> No, there must be some other reason why it does not work for you.
>
> > There is no such listener:
> > netstat -an | grep LISTEN
>
> It is not a LISTEN socket; those only exist for TCP. Your grep is
> wrong.
>
> bluhm
>
Makes sense. OK mvs@
> Index: kern/kern_sysctl.c
> ===================================================================
> RCS file: /mount/openbsd/cvs/src/sys/kern/kern_sysctl.c,v
> diff -u -p -r1.483 kern_sysctl.c
> --- kern/kern_sysctl.c 23 Sep 2025 08:00:48 -0000 1.483
> +++ kern/kern_sysctl.c 3 Feb 2026 10:29:05 -0000
> @@ -100,6 +100,7 @@
> #include <netinet/tcp_var.h>
> #include <netinet/udp.h>
> #include <netinet/udp_var.h>
> +#include <netinet/ip_divert.h>
> #include <netinet6/ip6_var.h>
>
> #ifdef DDB
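Review bot: the new include is unconditional while its only new users (the divert tables in the second hunk) sit under `#if NPF > 0`; that matches the neighbouring `<netinet/tcp_var.h>` and `<netinet/udp_var.h>` includes, which are also unconditional, so no guard is needed here provided `<netinet/ip_divert.h>` declares `divbtable` and `divb6table` without depending on pf being configured into the kernel.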
> @@ -1768,6 +1769,12 @@ do {
> \
> FILLINPTABLE(&rawcbtable);
> #ifdef INET6
> FILLINPTABLE(&rawin6pcbtable);
> +#endif
> +#if NPF > 0
> + FILLINPTABLE(&divbtable);
> +#ifdef INET6
> + FILLINPTABLE(&divb6table);
> +#endif
> #endif
> }
> fp = NULL;
>
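Review bot: `NPF` is used here for the first time in the visible context, but nothing in the diff shows where it is defined; in the OpenBSD tree it comes from the config-generated "pf.h", so check that kern_sysctl.c already includes that header (or add `#include "pf.h"` next to the new `<netinet/ip_divert.h>` include). An undefined identifier evaluates to 0 inside `#if`, so a missing "pf.h" would compile cleanly and silently leave the divert tables unexported, reproducing the original report. The preprocessor nesting itself is sound: the added `#endif` closes the existing `#ifdef INET6` around `rawin6pcbtable`, the inner `#ifdef INET6`/`#endif` pair guards only `divb6table`, and the pre-existing trailing `#endif` now closes `#if NPF > 0`.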