[Oisf-users] suricata with iptables NFQUEUE and kernel warnings for net/ipv4

Victor Julien lists at inliniac.net
Mon Feb 17 16:39:16 UTC 2020


Hi Vieri,

I would suggest reporting this to the netfilter/netfilter-devel list.

Regards,
Victor


On 17-02-2020 11:20, Vieri wrote:
> [Follow-up]
> 
> I've updated Suricata to v.5.0.2, and this is how I'm running it:
> 
> # ps aux | grep suri
> suricata 241619 88.0  1.4 3330368 461520 ?      Ssl  10:57   0:04 /usr/bin/suricata --pidfile /run/suricata/suricata.pid -D -c /etc/suricata/suricata-HMAN.yaml -vvvv -q 0 -q 1 -q 2 -q 3 -q 4 -q 5 --set logging.outputs.1.file.filename=/var/log/suricata/suricata.log --user=suricata --group=suricata -l /var/log/suricata
> 
> I've also tried running one suricata process for each NFQUEUE, i.e. suricata -q 0 [etc.] ; suricata -q 1 [etc.] ; [...] ; suricata -q 5 [etc.], but I'm still seeing these kernel warnings rather often:
> 
> kernel: ------------[ cut here ]------------
> kernel: WARNING: CPU: 4 PID: 241631 at net/ipv4/tcp_output.c:915 tcp_wfree.cold+0xc/0x13
> kernel: Modules linked in: tcp_diag udp_diag inet_diag xt_condition(OE) xt_ACCOUNT(OE) xt_LOGMARK(OE) xt_time xt_connlimit nf_conncount xt_helper xt_realm xt_tcpmss xt_CHECKSUM ipt_rpfilter xt_DSCP xt_dscp xt_TPROXY nf_tproxy_ipv6 nf_tproxy_ipv4 xt_IPMARK(OE) xt_CLASSIFY xt_length xt_ipp2p(OE) compat_xtables(OE) xt_owner br_netfilter xt_physdev xt_policy ipt_MASQUERADE xt_NETMAP arc4 md4 cmac nls_utf8 cifs ccm dns_resolver autofs4 nfnetlink_queue l2tp_netlink l2tp_core ip6_udp_tunnel udp_tunnel xt_mac xt_REDIRECT xt_limit xt_nat xt_recent xt_statistic xt_connmark xt_comment xt_iprange xt_set xt_NFQUEUE xt_AUDIT ipt_REJECT nf_reject_ipv4 xt_addrtype bridge stp llc xt_mark xt_TCPMSS xt_hashlimit xt_CT xt_multiport nfnetlink_log xt_NFLOG nf_log_ipv4 nf_log_common xt_LOG nf_nat_tftp nf_nat_snmp_basic
> kernel:  nf_conntrack_snmp nf_nat_sip nf_nat_pptp nf_nat_proto_gre nf_nat_irc nf_nat_h323 nf_nat_ftp nf_nat_amanda ts_kmp nf_conntrack_amanda nf_conntrack_sane nf_conntrack_tftp nf_conntrack_sip nf_conntrack_pptp nf_conntrack_proto_gre nf_conntrack_netlink nf_conntrack_netbios_ns nf_conntrack_broadcast nf_conntrack_irc nf_conntrack_h323 nf_conntrack_ftp pppoe pppox ppp_generic slhc ip_set_hash_mac ip_set_bitmap_port ip_set_hash_net ip_set_hash_ip ip_set nfnetlink ip6table_filter ip6_tables arptable_filter arp_tables xt_conntrack iptable_mangle iptable_nat nf_nat_ipv4 nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 iptable_raw sch_fq tcp_cdg tcp_bbr iptable_filter ip_tables bpfilter mlx5_ib ipmi_ssif ib_uverbs edac_mce_amd ast kvm_amd ttm kvm drm_kms_helper igb irqbypass efi_pstore crct10dif_pclmul
> kernel:  ghash_clmulni_intel sp5100_tco efivars pcspkr mlx5_core drm ixgbe bnxt_en joydev i2c_algo_bit i2c_piix4 mdio ccp mlxfw dca i2c_core ipmi_si ipmi_devintf ipmi_msghandler pinctrl_amd pcc_cpufreq mac_hid acpi_cpufreq efivarfs aesni_intel crypto_simd cryptd glue_helper aes_x86_64 algif_rng algif_aead algif_hash algif_skcipher af_alg crc32c_intel crc32_pclmul crc32_generic msdos fat cramfs overlay squashfs loop fuse f2fs xfs nfs lockd grace sunrpc fscache jfs reiserfs btrfs ext4 mbcache jbd2 multipath linear raid10 raid1 raid0 dm_zero dm_verity reed_solomon dm_thin_pool dm_switch dm_snapshot dm_raid raid456 md_mod async_raid6_recov async_memcpy async_pq raid6_pq dm_mirror dm_region_hash dm_log_writes dm_log_userspace dm_log dm_integrity async_xor async_tx xor dm_flakey dm_delay dm_crypt dm_cache_smq
> kernel:  dm_cache dm_persistent_data libcrc32c dm_bufio dm_bio_prison dm_mod firewire_core crc_itu_t hid_sunplus hid_sony hid_samsung hid_pl hid_petalynx hid_monterey hid_microsoft hid_logitech_dj hid_logitech ff_memless hid_gyration hid_ezkey hid_cypress hid_chicony hid_cherry hid_belkin hid_apple hid_a4tech sl811_hcd ohci_hcd uhci_hcd uas usb_storage xhci_plat_hcd pata_sl82c105 pata_via pata_jmicron pata_marvell pata_netcell pata_pdc202xx_old pata_triflex pata_atiixp pata_opti pata_amd pata_ali pata_it8213 pata_pcmcia pcmcia pcmcia_core pata_ns87415 pata_ns87410 pata_serverworks pata_oldpiix pata_artop pata_it821x pata_optidma pata_hpt3x2n pata_hpt3x3 pata_hpt37x pata_hpt366 pata_cmd64x pata_efar pata_sil680 pata_pdc2027x pata_mpiix lpfc nvmet_fc qla2xxx megaraid_mbox megaraid_mm aacraid sx8
> kernel:  hpsa 3w_9xxx 3w_xxxx 3w_sas mptsas mptfc scsi_transport_fc atp870u dc395x qla1280 dmx3191d sym53c8xx gdth initio BusLogic arcmsr aic7xxx aic79xx sr_mod cdrom sg sd_mod mpt3sas raid_class scsi_transport_sas megaraid megaraid_sas mptspi mptscsih mptbase scsi_transport_spi pdc_adma sata_inic162x sata_mv sata_qstor sata_vsc sata_uli sata_sis pata_sis sata_sx4 sata_nv sata_via sata_svw sata_sil24 sata_sil sata_promise ata_piix ahci libahci nvme_fc nvme_loop nvmet nvme_rdma rdma_cm iw_cm ib_cm ib_core configfs ipv6 crc_ccitt nvme_fabrics nvme nvme_core
> kernel: CPU: 4 PID: 241631 Comm: RX-NFQ#1 Tainted: G        W  OE     4.19.97-gentoo-x86_64 #1
> kernel: Hardware name: Supermicro AS -1114S-WTRT/H12SSW-NT, BIOS 1.0b 11/15/2019
> kernel: RIP: 0010:tcp_wfree.cold+0xc/0x13
> kernel: Code: 9d 04 00 00 00 5b c6 85 9b 04 00 00 00 5d c3 48 c7 c7 70 93 06 a2 e8 f7 f7 94 ff 0f 0b c3 48 c7 c7 70 93 06 a2 e8 e8 f7 94 ff <0f> 0b e9 46 a5 ff ff 48 c7 c7 70 93 06 a2 e8 d5 f7 94 ff 0f 0b b8
> kernel: RSP: 0000:ffff9e15eb103d90 EFLAGS: 00010246
> kernel: RAX: 0000000000000024 RBX: ffff9e143316f2e8 RCX: 0000000000000000
> kernel: RDX: 0000000000000000 RSI: ffff9e15eb1168b8 RDI: ffff9e15eb1168b8
> kernel: RBP: ffff9e1405f8ee80 R08: ffff9e15eb1168b8 R09: 0000000000000001
> kernel: R10: 0000000000000000 R11: 0000000000000001 R12: ffff9e143316f2e8
> kernel: R13: ffff9e0ec3ab10a8 R14: ffff9e15e39de8c0 R15: 0000000000000028
> kernel: FS:  00007f43449a2700(0000) GS:ffff9e15eb100000(0000) knlGS:0000000000000000
> kernel: CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
> kernel: CR2: 00007f157621a690 CR3: 00000006e857c000 CR4: 0000000000340ee0
> kernel: Call Trace:
> kernel:  <IRQ>
> kernel:  skb_release_head_state+0x64/0xb0
> kernel:  skb_release_all+0xe/0x30
> kernel:  consume_skb+0x27/0x80
> kernel:  bnxt_tx_int+0xd0/0x360 [bnxt_en]
> kernel:  bnxt_poll+0x20f/0x870 [bnxt_en]
> kernel:  net_rx_action+0x148/0x3b0
> kernel:  __do_softirq+0xe8/0x2f1
> kernel:  irq_exit+0x100/0x110
> kernel:  do_IRQ+0x81/0xe0
> kernel:  common_interrupt+0xf/0xf
> kernel:  </IRQ>
> kernel: RIP: 0033:0x7f43479e1b08
> kernel: Code: 66 90 48 83 ec 10 41 89 f2 48 8d 77 10 45 31 c9 6a 01 48 83 c7 08 41 50 45 31 c0 51 89 d1 44 89 d2 e8 9c f9 ff ff 48 83 c4 28 <c3> 0f 1f 80 00 00 00 00 48 83 ec 10 41 89 f2 0f c9 48 8d 77 10 6a
> kernel: RSP: 002b:00007f43449a0018 EFLAGS: 00000206 ORIG_RAX: ffffffffffffffd6
> kernel: RAX: 0000000000000020 RBX: 00007f432c240680 RCX: 0000000000000000
> kernel: RDX: 0000000000000000 RSI: 00007f434499fee0 RDI: 0000000000000000
> kernel: RBP: 00007f43449a08c0 R08: 0000000000000000 R09: 0000000000000301
> kernel: R10: 0000000000000fee R11: 0000000000000000 R12: 00007f432c268dd0
> kernel: R13: 0000000000000004 R14: 00007f43449a08c0 R15: 00007f432c268d60
> kernel: ---[ end trace 70699422f7796e95 ]---
> 
> Has anyone on this mailing list ever seen these warnings, or does anyone have a clue as to what I could try?
> 
> These messages only occur when using NFQUEUE, and after a long time running the system can freeze.
> 
> Regards,
> 
> Vieri
> 


-- 
---------------------------------------------
Victor Julien
http://www.inliniac.net/
PGP: http://www.inliniac.net/victorjulien.asc
---------------------------------------------


