Ahh, drat. I guess I expected it to be exposed in the same manner as FreeBSD when looking via netstat since they use similar mechanisms (and it was the closest somewhat orange to similar fruit type comparison I had available). I suppose that makes more sense as I would have expected Suricata to throw some kind of error if that were actually the issue. I will wire things back up and see what pfctl has to say about things. Thanks.

On Tue, Feb 3, 2026 at 8:38 AM Stuart Henderson <[email protected]> wrote:

> On 2026/02/03 08:21, William B. wrote:
> > I suspect I will be fine once I apply the referenced patch, without it
> > there is no divert for PF to route to. I am a bit surprised it is not
> > enabled by default and there is not a straightforward way to enable it
> > aside from patching the kernel given that divert is regularly
> > mentioned in the OpenBSD documentation.
>
> That is not correct, you misunderstand what the diff is doing.
>
> Divert sockets *are* already enabled by default and generally working.
>
> Whatever problem you have with suricata is something else and will not
> be fixed by bluhm's patch (which just fixes the export used by netstat).
>
> > Are your "divert-packet" PF rules actually getting hit? Check your
> > packets / bytes / state creations counters in "pfctl -sr -v | grep
> > -A2 divert-packet".
