[Oisf-users] (source-nfq.c:246) &lt; Error&gt; (NFQInitThread) -- [ERRCODE: SC_ERR_NFQ_UNBIND(70)] - nfq_unbind_pf() for AF_INET failed

Mon Sep 27 10:19:47 UTC 2010

Victor Julien <victor at ...> writes:

> 
> zeojex wrote:
> Did you add iptables NFQUEUE rules? Check the
> /var/log/suricata/stats.log file to confirm Suricata sees traffic.
> 
> Cheers,
> Victor
> 
Mmmh seems not :
-------------------------------------------------------------------
27/9/2010 -- 09:34:00
-------------------------------------------------------------------
Counter                   | TM Name                   | Value
-------------------------------------------------------------------
decoder.pkts              | Decode & Stream           | 33
decoder.bytes             | Decode & Stream           | 3838
decoder.ipv4              | Decode & Stream           | 30
decoder.ipv6              | Decode & Stream           | 0
decoder.ethernet          | Decode & Stream           | 33
decoder.raw               | Decode & Stream           | 0
decoder.sll               | Decode & Stream           | 0
decoder.tcp               | Decode & Stream           | 28
decoder.udp               | Decode & Stream           | 2
decoder.icmpv4            | Decode & Stream           | 0
decoder.icmpv6            | Decode & Stream           | 0
decoder.ppp               | Decode & Stream           | 0
decoder.pppoe             | Decode & Stream           | 0
decoder.gre               | Decode & Stream           | 0
decoder.vlan              | Decode & Stream           | 0
decoder.avg_pkt_size      | Decode & Stream           | 116.303030
decoder.max_pkt_size      | Decode & Stream           | 266
defrag.ipv4.fragments     | Decode & Stream           | 0
defrag.ipv4.reassembled   | Decode & Stream           | 0
defrag.ipv4.timeouts      | Decode & Stream           | 0
defrag.ipv6.fragments     | Decode & Stream           | 0
defrag.ipv6.reassembled   | Decode & Stream           | 0
defrag.ipv6.timeouts      | Decode & Stream           | 0
tcp.sessions              | Decode & Stream           | 1
tcp.ssn_memcap_drop       | Decode & Stream           | 0
detect.alert              | Detect                    | 0

In order to check icmp rules via a ping, I put this rule in iptables :
iptables -t filter -A INPUT -p icmp -j NFQUEUE

But when i restarted iptables i get this error :
FATAL: Error inserting ip_queue
(/lib/modules/2.6.26-2-686/kernel/net/ipv4/netfilter/ip_queue.ko): Device or
resource busy

you speak about conflict between ip_queue and nfqueue. Same problem maybe ?

[Oisf-users] (source-nfq.c:246) &amp;lt; Error&amp;gt; (NFQInitThread) -- [ERRCODE: SC_ERR_NFQ_UNBIND(70)] - nfq_unbind_pf() for AF_INET failed

[Oisf-users] (source-nfq.c:246) < Error> (NFQInitThread) -- [ERRCODE: SC_ERR_NFQ_UNBIND(70)] - nfq_unbind_pf() for AF_INET failed