[Oisf-users] Packets stucked in Nfqueue when running inline
Eric Leblond
eric at regit.org
Thu Aug 18 15:36:35 UTC 2011
Hello,
On Thu, 2011-08-18 at 10:32 -0500, Fernando Ortiz wrote:
> I had problems with both patches:
Oops, I forgot to try to rebase this series. I will resend you updated
patches ASAP (should take around 30 min).
BR,
>
>
> Patch 1:
> patching file source-nfq.c
> Hunk #1 FAILED at 247.
> Hunk #2 FAILED at 320.
> 2 out of 2 hunks FAILED -- saving rejects to file source-nfq.c.rej
>
>
> Patch 2:
> patching file decode.h
> patching file source-ipfw.c
> Hunk #1 FAILED at 518.
> 1 out of 1 hunk FAILED -- saving rejects to file source-ipfw.c.rej
> patching file source-nfq.c
> Hunk #1 FAILED at 339.
> Hunk #2 FAILED at 918.
> 2 out of 2 hunks FAILED -- saving rejects to file source-nfq.c.rej
> patching file source-nfq.h
> patching file tmqh-packetpool.c
> Hunk #1 succeeded at 49 with fuzz 1.
> Hunk #2 FAILED at 159.
> Hunk #3 FAILED at 192.
> 2 out of 3 hunks FAILED -- saving rejects to file tmqh-packetpool.c.rej
>
>
> I manually edited the files, but I still have problems with
> compilation, specifically with patch 1.
>
>
> source-nfq.c: In function ‘NFQCallBack’:
> source-nfq.c:322:32: error: "t" undeclared (first use in this function)
> source-nfq.c:322:32: note: each undeclared identifier is reported only once for each function it appears in
>
>
>
>
> source-nfq.c: In function "NFQSetVerdict":
> source-nfq.c:798:2: warning: ‘return’ with no value, in function returning non-void
>
>
> In my source-nfq.c I had this function declaration.
> void NFQSetVerdict(Packet *p) {
>
>
> But in patch 2, it looks like that function returns TmEcode:
> TmEcode NFQSetVerdict(Packet *p) {
>
>
> I changed it to match the patch; thus there is a warning, because
> there is a void return in the code.
>
>
> TmEcode NFQSetVerdict(Packet *p) {
>     int iter = 0;
>     /* can't verdict a "fake" packet */
>     if (p->flags & PKT_PSEUDO_STREAM_END) {
>         return;
>     }
>
>
> I am working with the latest repository in git. Could you give me a
> hand, please?
>
>
>
> 2011/8/17 Fernando Ortiz <fernando.ortiz.f at gmail.com>
> Great! I will test both right now. Thank you.
>
>
>
> 2011/8/17 Eric Leblond <eric at regit.org>
> Hello again,
>
> On Wed, 2011-08-17 at 16:53 +0200, Eric Leblond wrote:
> > Hi again,
> >
> > On Wed, 2011-08-17 at 16:28 +0200, Eric Leblond wrote:
> > > Hello,
> > >
> > > On Tue, 2011-08-16 at 14:30 -0500, Fernando Ortiz wrote:
> > > > Sorry for the late answer. I got a server to run more tests in
> > > > production again.
> > >
> > > No problem, I was on holiday :P
> > >
> > > > I patched Suricata. I still have the same problem with packets stuck
> > >
> > > Bad news.
> > >
> > > If you have some time, could you test the attached patch?
> >
> > It is not necessary to test this patch: I've continued to study the
> > problem. There is an issue with the code pointed out by the patch but
> > this cannot explain the problem.
>
>
> Two patches will follow this mail. The first one improves the error
> handling in NFQ and suppresses one of the potential sources of ghost
> packets. The second one is more generic but it should fix one other
> potential source.
>
> Both patches display an explicit message at log level warning. If
> something occurs, you will not miss it.
>
> BR,
> --
>
> Eric Leblond
> Blog: http://home.regit.org/
--
Eric Leblond
Blog: http://home.regit.org/