[Oisf-users] Packets stuck in Nfqueue when running inline

Eric Leblond eric at regit.org
Thu Aug 18 17:10:38 UTC 2011


Hello,

On Thu, 2011-08-18 at 12:02 -0500, Fernando Ortiz wrote:
> (Forgot to send this to the list too)
> 
> 
> All patches worked fine. I got this error again, though 
> 
> 
> source-nfq.c: In function ‘NFQCallBack’:
> source-nfq.c:328:32: error: ‘t’ undeclared (first use in this
> function)
> source-nfq.c:328:32: note: each undeclared identifier is reported only
> once for each function it appears in

This is my fault. I need to update my nfqueue libs...
The fix is easy: you must have qh and not t->qh.

BR,

> 
> 
> Regards
> 
> 2011/8/18 Fernando Ortiz <fernando.ortiz.f at gmail.com>
>         All patches worked fine. I got this error again, though 
>         
>         
>         source-nfq.c: In function ‘NFQCallBack’:
>         source-nfq.c:328:32: error: ‘t’ undeclared (first use in this
>         function)
>         source-nfq.c:328:32: note: each undeclared identifier is
>         reported only once for each function it appears in
>         
>         
>         
>         
>         
>         
>         2011/8/18 Fernando Ortiz <fernando.ortiz.f at gmail.com>
>                 Great! I will test this and keep you informed.
>                 
>                 
>                 Thanks
>                 
>                 
>                 
>                 2011/8/18 Eric Leblond <eric at regit.org>
>                         Hello,
>                         
>                         On Thu, 2011-08-18 at 10:32 -0500, Fernando
>                         Ortiz wrote:
>                         
>                         > I had problems with both patches:
>                         
>                         
>                         Oops, at least 4 patches were missing on the
>                         way from origin/master to
>                         these two patches.
>                         
>                         In attachment please find the result of a
>                         cherry-pick party of all my
>                         commits on NFQ. They have been applied on
>                         origin/master and this should
>                         thus apply easily on your side.
>                         
>                         BR,
>                         
>                         
>                         >
>                         > Patch 1:
>                         > patching file source-nfq.c
>                         > Hunk #1 FAILED at 247.
>                         > Hunk #2 FAILED at 320.
>                         > 2 out of 2 hunks FAILED -- saving rejects to
>                         file source-nfq.c.rej
>                         >
>                         >
>                         > Patch 2:
>                         > patching file decode.h
>                         > patching file source-ipfw.c
>                         > Hunk #1 FAILED at 518.
>                         > 1 out of 1 hunk FAILED -- saving rejects to
>                         file source-ipfw.c.rej
>                         > patching file source-nfq.c
>                         > Hunk #1 FAILED at 339.
>                         > Hunk #2 FAILED at 918.
>                         > 2 out of 2 hunks FAILED -- saving rejects to
>                         file source-nfq.c.rej
>                         > patching file source-nfq.h
>                         > patching file tmqh-packetpool.c
>                         > Hunk #1 succeeded at 49 with fuzz 1.
>                         > Hunk #2 FAILED at 159.
>                         > Hunk #3 FAILED at 192.
>                         > 2 out of 3 hunks FAILED -- saving rejects to
>                         file
>                         > tmqh-packetpool.c.rej
>                         >
>                         >
>                         > I manually edited the files. But still have
>                         problems in compilation.
>                         > Specifically with patch 1
>                         >
>                         >
>                         > source-nfq.c: In function ‘NFQCallBack’:
>                         > source-nfq.c:322:32: error: ‘t’ undeclared
>                         (first use in this
>                         > function)
>                         > source-nfq.c:322:32: note: each undeclared
>                         identifier is reported only
>                         > once for each function it appears in
>                         >
>                         >
>                         >
>                         >
>                         > source-nfq.c: In function ‘NFQSetVerdict’:
>                         > source-nfq.c:798:2: warning: ‘return’ with
>                         no value, in function
>                         > returning non-void
>                         >
>                         >
>                         > In my source-nfq.c I had this function
>                         declaration.
>                         > void NFQSetVerdict(Packet *p) {
>                         >
>                         >
>                         > But in the patch 2, it looks like that
>                         function returns TmEcode
>                         > TmEcode NFQSetVerdict(Packet *p) {
>                         >
>                         >
>                         > I changed it, as it was in the patch thus
>                         there is a warning because
>                         > there is a void return in the code.
>                         >
>                         >
>                         > TmEcode NFQSetVerdict(Packet *p) {
>                         >     int iter = 0;
>                         >     /* can't verdict a "fake" packet */
>                         >     if (p->flags & PKT_PSEUDO_STREAM_END) {
>                         >           return;
>                         >     }
>                         >
>                         >
>                         > I am working with the last repository in
>                         git. Could you give a hand
>                         > please?
>                         >
>                         >
>                         >
>                         > 2011/8/17 Fernando Ortiz
>                         <fernando.ortiz.f at gmail.com>
>                         >         Great! I will test both right now.
>                         Thank you.
>                         >
>                         >
>                         >
>                         >         2011/8/17 Eric Leblond
>                         <eric at regit.org>
>                         >                 Hello again,
>                         >
>                         >                 On Wed, 2011-08-17 at 16:53
>                         +0200, Eric Leblond wrote:
>                         >                 > Hi again,
>                         >                 >
>                         >                 > On Wed, 2011-08-17 at
>                         16:28 +0200, Eric Leblond
>                         >                 wrote:
>                         >                 > > Hello,
>                         >                 > >
>                         >                 > > On Tue, 2011-08-16 at
>                         14:30 -0500, Fernando Ortiz
>                         >                 wrote:
>                         >                 > > > Sorry for the late
>                         answer. I got a server to
>                         >                 make more tests in
>                         >                 > > > production again.
>                         >                 > >
>                         >                 > > No problem, I was on
>                         holiday :P
>                         >                 > >
>                         >                 > > > I patched Suricata. I
>                         still have the same
>                         >                 problem with packets stuck
>                         >                 > >
>                         >                 > > Bad news.
>                         >                 > >
>                         >                 > > If you have some time,
>                         could you test the attached
>                         >                 patch.
>                         >                 >
>                         >                 > It is not necessary to
>                         test this patch: I've
>                         >                 continued to study the
>                         >                 > problem. There is an issue
>                         with the code pointed out
>                         >                 by the patch but
>                         >                 > this can not explain the
>                         problem.
>                         >
>                         >
>                         >                 Two patches will follow this
>                         mail. The first one
>                         >                 improves the error
>                         >                 handling in NFQ and suppresses
>                         one of the potential
>                         >                 sources of ghost
>                         >                 packets. The second one is
>                         more generic but it should
>                         >                 fix one other
>                         >                 potential source.
>                         >
>                         >                 Both patches display
>                         explicit message in log level
>                         >                 warning. If something
>                         >                 occurs, you will not miss
>                         it.
>                         >
>                         >                 BR,
>                         >                 --
>                         >
>                         >                 Eric Leblond
>                         >                 Blog: http://home.regit.org/
>                         >
>                         >
>                         >
>                         >
>                         >
>                         >
>                         >
>                         >
>                         >
>                         >
>                         >
>                         >
>                         
>                         
>                         --
>                         
>                         Eric Leblond
>                         Blog: http://home.regit.org/
>                         
>                 
>                 
>                 
>                 
>                 -- 
>                 Fernando Ortiz 
>                 Twitter: http://twitter.com/FernandOrtizF
>                  
>                 
>         
>         
>         
>         
>         -- 
>         Fernando Ortiz 
>         Twitter: http://twitter.com/FernandOrtizF
>          
>         
> 
> 
> 
> 
> -- 
> Fernando Ortiz 
> Twitter: http://twitter.com/FernandOrtizF
>  

-- 
Eric Leblond 
Blog: http://home.regit.org/