[Oisf-users] Unsubscribe

charlesho.mdsi charlesho.mdsi at gmail.com
Sun Dec 11 22:48:25 UTC 2011



Charles

On Dec 11, 2011, at 9:00 AM, oisf-users-request at openinfosecfoundation.org wrote:

> Send Oisf-users mailing list submissions to
>    oisf-users at openinfosecfoundation.org
> 
> To subscribe or unsubscribe via the World Wide Web, visit
>    http://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
> or, via email, send a message with subject or body 'help' to
>    oisf-users-request at openinfosecfoundation.org
> 
> You can reach the person managing the list at
>    oisf-users-owner at openinfosecfoundation.org
> 
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of Oisf-users digest..."
> 
> 
> Today's Topics:
> 
>   1. Suricata in Inline Mode - ERRCODE:    SC_ERR_NFQ_UNBIND(70)
>      (Srijan Nandi)
> 
> 
> ----------------------------------------------------------------------
> 
> Message: 1
> Date: Sun, 11 Dec 2011 14:08:46 +0530
> From: Srijan Nandi <srijan.nandi at gmail.com>
> Subject: [Oisf-users] Suricata in Inline Mode - ERRCODE:
>    SC_ERR_NFQ_UNBIND(70)
> To: oisf-users at openinfosecfoundation.org
> Message-ID:
>    <CAJjLrORnATwyDbu4NOTBNJ+kX130Eq-34UyrJWb1XUqVA9LZxw at mail.gmail.com>
> Content-Type: text/plain; charset="iso-8859-1"
> 
> Hello Everyone,
> 
> I just compiled and configured Suricata v 1.1 and it works perfectly in packet
> capture mode. However, as soon as I start it in inline mode with queuing, I
> get the error message:
> 
> [23869] 11/12/2011 -- 13:55:27 - (source-nfq.c:373) <Error> (NFQInitThread)
> -- [ERRCODE: SC_ERR_NFQ_UNBIND(70)] - nfq_unbind_pf() for AF_INET failed
> 
> I searched the forum and figured out that this error message is because
> both ip_queue and nf_queue conflict with each other and the solution
> provided is to remove the ip_queue module. However, I have configured both
> ip_queue and nf_queue as parameters in my kernel and not as modules. So if
> I do an lsmod, I see neither ip_queue nor nf_queue as modules there.
> 
> nf_queue works fine, because iptables does not complain while using -j
> NFQUEUE, and in /proc/net/netfilter I have the following files:
> 
> -r--r--r--  1 root root 0 Dec 11 14:00 nf_log
> -r--r--r--  1 root root 0 Dec 11 14:00 nf_queue
> -r--r-----  1 root root 0 Dec 11 14:00 nfnetlink_log
> -r--r-----  1 root root 0 Dec 11 14:00 nfnetlink_queue
> 
> Also, if I do a cat /proc/net/netfilter/nf_queue, I get:
> 
> 0 NONE
> 1 NONE
> 2 ip_queue
> 3 NONE
> 4 NONE
> 5 NONE
> 6 NONE
> 7 NONE
> 8 NONE
> 9 NONE
> 10 NONE
> 11 NONE
> 12 NONE
> 
> Doing a cat /proc/net/netfilter/nfnetlink_queue yields nothing.
> 
> Can anyone please help me with this? I need Suricata to work via nf_queue
> and also I cannot remove ip_queue as it is built into my kernel.
> 
> -- 
> -=Srijan Nandi
> 
> ------------------------------
> 
> 
> End of Oisf-users Digest, Vol 25, Issue 9
> *****************************************
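
Added example (not part of the original post or of Suricata): a shell check that reads a listing in the `/proc/net/netfilter/nf_queue` format quoted above and reports which handler is listed for family 2, which is AF_INET on Linux, the family named in the `nfq_unbind_pf()` error. The function names and the embedded sample are constructed for illustration.

```shell
#!/bin/sh
# Added example: inspect text shaped like /proc/net/netfilter/nf_queue,
# one "<protocol family> <handler or NONE>" pair per line.

AF_INET=2   # numeric value of AF_INET on Linux

# Constructed sample, modelled on the listing in the quoted post.
sample_nf_queue() {
    cat <<'EOF'
0 NONE
1 NONE
2 ip_queue
3 NONE
10 NONE
EOF
}

# nfq_handler FAMILY: print the handler listed for FAMILY on stdin;
# exit status 1 when the family has no line at all.
nfq_handler() {
    awk -v fam="$1" '
        NF >= 2 && $1 == fam { print $2; found = 1; exit }
        END { if (!found) exit 1 }'
}

# nfq_bound: print "family handler" for every family that is not NONE.
nfq_bound() {
    awk 'NF >= 2 && $2 != "NONE" { print $1, $2 }'
}

# nfq_inet_status: classify the AF_INET entry read from stdin.
# Prints free | ip_queue | other:<name> | missing
# Returns 0 (free or other), 1 (ip_queue), 2 (missing).
nfq_inet_status() {
    handler=$(nfq_handler "$AF_INET") || { echo "missing"; return 2; }
    case $handler in
        NONE)     echo "free" ;;
        ip_queue) echo "ip_queue"; return 1 ;;
        *)        echo "other:$handler" ;;
    esac
}

# Demo on the constructed sample; on a live host use:
#   nfq_inet_status < /proc/net/netfilter/nf_queue
sample_nf_queue | nfq_inet_status || true
```

A return status of 1 corresponds to the situation in the quoted post, where `ip_queue` is listed as the AF_INET handler.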
