<div>I changed this:</div><div><b>ret = nfq_set_verdict2(t->qh, p-><a href="http://nfq_v.id">nfq_v.id</a>, NF_DROP, 0, 0, NULL);</b></div><div>to this:</div><div><b>ret = nfq_set_verdict2(qh, p-><a href="http://nfq_v.id">nfq_v.id</a>, NF_DROP, 0, 0, NULL);</b></div>
<div><br></div><div>It compiled. Is it ok ? :P</div><div><br></div><div>source-nfq.c: </div><div><br></div><div>static int NFQCallBack(struct nfq_q_handle *qh, struct nfgenmsg *nfmsg,</div><div> struct nfq_data *nfa, void *data)</div>
<div>{</div><div> NFQThreadVars *ntv = (NFQThreadVars *)data;</div><div> ThreadVars *tv = ntv->tv;</div><div> int ret;</div><div><br></div><div>.......</div><div><br></div><div> SCLogWarning(SC_ERR_NFQ_HANDLE_PKT, "NFQ setup failure");</div>
<div>#ifdef HAVE_NFQ_SET_VERDICT2</div><div> <b> *ret = nfq_set_verdict2(qh, p-><a href="http://nfq_v.id">nfq_v.id</a>, NF_DROP, 0, 0, NULL);*</b></div><div>#else</div><div> ret = nfq_set_verdict(qh, p-><a href="http://nfq_v.id">nfq_v.id</a>, NF_DROP, 0, NULL);</div>
<div>#endif</div><div> if (ret < 0) {</div><div><br></div><br><div class="gmail_quote">2011/8/18 Fernando Ortiz <span dir="ltr"><<a href="mailto:fernando.ortiz.f@gmail.com">fernando.ortiz.f@gmail.com</a>></span><br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;"><div>(Forgot to send this to the list too)</div><div class="im"><div><br></div><div>All patches worked find. I got this error again, though </div>
<div><div><br></div><div>source-nfq.c: In function āNFQCallBackā:</div></div><div>
source-nfq.c:328:32: error: ātā undeclared (first use in this function)</div><div>source-nfq.c:328:32: note: each undeclared identifier is reported only once for each function it appears in</div><div><br></div></div><div>
Regards</div><div><div></div><div class="h5">
<br><div class="gmail_quote">2011/8/18 Fernando Ortiz <span dir="ltr"><<a href="mailto:fernando.ortiz.f@gmail.com" target="_blank">fernando.ortiz.f@gmail.com</a>></span><br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div>All patches worked find. I got this error again, though </div><div><div><br></div><div>source-nfq.c: In function āNFQCallBackā:</div></div><div>source-nfq.c:328:32: error: ātā undeclared (first use in this function)</div>
<div>source-nfq.c:328:32: note: each undeclared identifier is reported only once for each function it appears in</div><div><div></div><div>
<div><br></div><div><br></div><br><div class="gmail_quote">2011/8/18 Fernando Ortiz <span dir="ltr"><<a href="mailto:fernando.ortiz.f@gmail.com" target="_blank">fernando.ortiz.f@gmail.com</a>></span><br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
Great! I will test this and keep you informed.<div><br></div><div>Thanks<div><div></div><div><br><br><div class="gmail_quote">2011/8/18 Eric Leblond <span dir="ltr"><<a href="mailto:eric@regit.org" target="_blank">eric@regit.org</a>></span><br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div>Hello,<br>
<br>
On Thu, 2011-08-18 at 10:32 -0500, Fernando Ortiz wrote:<br>
</div><div>> I had problems with both patches:<br>
<br>
</div>Oups, at least 4 patches were missing on the way from origin/master to<br>
this two patches.<br>
<br>
In attachement please find the result of a cherry-pick party of all my<br>
commits on NFQ. They have been applied on origin/master and this should<br>
thus apply easily on your side.<br>
<br>
BR,<br>
<div><div></div><div><br>
><br>
> Patch 1:<br>
> patching file source-nfq.c<br>
> Hunk #1 FAILED at 247.<br>
> Hunk #2 FAILED at 320.<br>
> 2 out of 2 hunks FAILED -- saving rejects to file source-nfq.c.rej<br>
><br>
><br>
> Patch 2:<br>
> patching file decode.h<br>
> patching file source-ipfw.c<br>
> Hunk #1 FAILED at 518.<br>
> 1 out of 1 hunk FAILED -- saving rejects to file source-ipfw.c.rej<br>
> patching file source-nfq.c<br>
> Hunk #1 FAILED at 339.<br>
> Hunk #2 FAILED at 918.<br>
> 2 out of 2 hunks FAILED -- saving rejects to file source-nfq.c.rej<br>
> patching file source-nfq.h<br>
> patching file tmqh-packetpool.c<br>
> Hunk #1 succeeded at 49 with fuzz 1.<br>
> Hunk #2 FAILED at 159.<br>
> Hunk #3 FAILED at 192.<br>
> 2 out of 3 hunks FAILED -- saving rejects to file<br>
> tmqh-packetpool.c.rej<br>
><br>
><br>
> I manually edited the files. But still have problems in compilation.<br>
> Specifically with patch 1<br>
><br>
><br>
> source-nfq.c: In function āNFQCallBackā:<br>
> source-nfq.c:322:32: error: "t" undeclared (first use in this<br>
> function)<br>
> source-nfq.c:322:32: note: each undeclared identifier is reported only<br>
> once for each function it appears in<br>
><br>
><br>
><br>
><br>
> source-nfq.c: In function "NFQSetVerdict":<br>
> source-nfq.c:798:2: warning: āreturnā with no value, in function<br>
> returning non-void<br>
><br>
><br>
> In my source-nfq.c I had this function declaration.<br>
> void NFQSetVerdict(Packet *p) {<br>
><br>
><br>
> But in the patch 2, it looks like that function returns TmEcode<br>
> TmEcode NFQSetVerdict(Packet *p) {<br>
><br>
><br>
> I changed it, as it was in the patch thus there is a warning because<br>
> there is a void return in the code.<br>
><br>
><br>
> TmEcode NFQSetVerdict(Packet *p) {<br>
> int iter = 0;<br>
> /* can't verdict a "fake" packet */<br>
> if (p->flags & PKT_PSEUDO_STREAM_END) {<br>
> return;<br>
> }<br>
><br>
><br>
> I am working with the last repository in git. Could you give a hand<br>
> please?<br>
><br>
><br>
><br>
> 2011/8/17 Fernando Ortiz <<a href="mailto:fernando.ortiz.f@gmail.com" target="_blank">fernando.ortiz.f@gmail.com</a>><br>
> Great! I will test both right now. Thank you.<br>
><br>
><br>
><br>
> 2011/8/17 Eric Leblond <<a href="mailto:eric@regit.org" target="_blank">eric@regit.org</a>><br>
> Hello again,<br>
><br>
> On Wed, 2011-08-17 at 16:53 +0200, Eric Leblond wrote:<br>
> > Hi again,<br>
> ><br>
> > On Wed, 2011-08-17 at 16:28 +0200, Eric Leblond<br>
> wrote:<br>
> > > Hello,<br>
> > ><br>
> > > On Tue, 2011-08-16 at 14:30 -0500, Fernando Ortiz<br>
> wrote:<br>
> > > > Sorry the late of the answer. I got a server to<br>
> make more test in<br>
> > > > production again.<br>
> > ><br>
> > > No problem, I was on holiday :P<br>
> > ><br>
> > > > I patched Suricata. I still have the same<br>
> problem with packets stucked<br>
> > ><br>
> > > Bad news.<br>
> > ><br>
> > > If you have some time, could you test the attached<br>
> patch.<br>
> ><br>
> > This is not necessary to test this patch: I've<br>
> continued to study the<br>
> > problem. There is an issue with the code pointed out<br>
> by the patch but<br>
> > this can not explain the problem.<br>
><br>
><br>
> Two patches will follow this mail. The fist one<br>
> improves the error<br>
> handling in NFQ and suppress one of the potential<br>
> source of ghost<br>
> packets. The second one is more generic but it should<br>
> fix one other<br>
> potential source.<br>
><br>
> Both patches display explicit message in log level<br>
> warning. If something<br>
> occurs, you will not missed it.<br>
><br>
> BR,<br>
> --<br>
><br>
> Eric Leblond<br>
> Blog: <a href="http://home.regit.org/" target="_blank">http://home.regit.org/</a><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
<br>
</div></div>--<br>
<div><div></div><div>Eric Leblond<br>
Blog: <a href="http://home.regit.org/" target="_blank">http://home.regit.org/</a><br>
</div></div></blockquote></div><br><br clear="all"><div><br></div></div></div><div>-- <br>Fernando Ortiz <br>Twitter: <a href="http://twitter.com/FernandOrtizF" target="_blank">http://twitter.com/FernandOrtizF</a><br>
<br>
</div></div>
</blockquote></div><br><br clear="all"><div><br></div>-- <br>Fernando Ortiz <br>Twitter: <a href="http://twitter.com/FernandOrtizF" target="_blank">http://twitter.com/FernandOrtizF</a><br> <br>
</div></div></blockquote></div><br><br clear="all"><div><br></div>-- <br>Fernando Ortiz <br>Twitter: <a href="http://twitter.com/FernandOrtizF" target="_blank">http://twitter.com/FernandOrtizF</a><br> <br>
</div></div></blockquote></div><br><br clear="all"><div><br></div>-- <br>Fernando Ortiz <br>Twitter: <a href="http://twitter.com/FernandOrtizF">http://twitter.com/FernandOrtizF</a><br> <br>