[Oisf-users] Confused by conflicting message for 4.1.0

James Moe jimoe at sohnen-moe.com
Tue Nov 6 21:20:52 UTC 2018


Hello,
  suricata 4.1.0
  linux 4.12.14-lp150.12.22-default x86_64

  Suricata 4.1.0 is compiled with "--enable-nfqueue".
  Startup indicates there is some problem with NFQUEUE. Yet the chain is
added by iptables and suricata appears to be functioning normally.

  Is this indeed a problem?
  Or a spurious message?

----[ Startup output ]----
6/11/2018 -- 14:00:02 - <Notice> - This is Suricata version 4.1.0 RELEASE
6/11/2018 -- 14:00:02 - <Info> - CPUs/cores online: 4
6/11/2018 -- 14:00:02 - <Info> - NFQ running in standard ACCEPT/DROP mode
6/11/2018 -- 14:00:02 - <Info> - fast output device (regular) initialized: fast.log
6/11/2018 -- 14:00:02 - <Info> - eve-log output device (regular) initialized: eve-json.log
6/11/2018 -- 14:00:02 - <Info> - md5 calculation requires linking against libnss
6/11/2018 -- 14:00:02 - <Info> - alert-debug output device (regular) initialized: alert-debug.log
6/11/2018 -- 14:00:02 - <Info> - stats output device (regular) initialized: stats.log
6/11/2018 -- 14:00:02 - <Info> - drop output device (regular) initialized: drop.log
6/11/2018 -- 14:00:03 - <Info> - 47 rule files processed. 18819 rules successfully loaded, 0 rules failed
6/11/2018 -- 14:00:03 - <Info> - Threshold config parsed: 0 rule(s) found
6/11/2018 -- 14:00:03 - <Info> - 18824 signatures processed. 1167 are IP-only rules, 6191 are inspecting packet payload, 13660 inspect application layer, 0 are decoder event only
6/11/2018 -- 14:00:08 - <Info> - binding this thread 0 to queue '0'

Then:
6/11/2018 -- 14:00:08 - <Error> - [ERRCODE: SC_ERR_NFQ_CREATE_QUEUE(72)] - nfq_create_queue failed
6/11/2018 -- 14:00:08 - <Error> - [ERRCODE: SC_ERR_NFQ_THREAD_INIT(78)] - nfq thread failed to initialize
----[ end ]----

$ iptables -nvL INPUT | head -7
Chain INPUT (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
  454  136K NFQUEUE    all  --  *      *       0.0.0.0/0            0.0.0.0/0            NFQUEUE num 0 bypass
    0     0 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0
  409 92762 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate ESTABLISHED
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate RELATED
   68  9615 input_ext  all  --  *      *       0.0.0.0/0            0.0.0.0/0

-- 
James Moe
moe dot james at sohnen-moe dot com
520.743.3936
Think.
