Bug #86

closed

NFQ bind failures should be fatal errors.

Added by Will Metcalf over 14 years ago. Updated over 14 years ago.

Status: Closed
Priority: Normal

Description

If the user is unable to successfully open a connection to NFQUEUE, for lack of permissions or any other reason, it should result in a fatal error. As you can see here, the engine displays an error but continues to initialize, and at exit it segv's.

[1730] 9/2/2010 -- 09:11:30 - (source-nfq.c:213) <Warning> (NFQInitThread) -- [ERRCODE: UNKNOWN_ERROR(47)] - nfq_unbind_pf() for AF_INET failed
[1730] 9/2/2010 -- 09:11:30 - (source-nfq.c:216) <Warning> (NFQInitThread) -- [ERRCODE: UNKNOWN_ERROR(47)] - nfq_unbind_pf() for AF_INET6 failed
[1730] 9/2/2010 -- 09:11:30 - (source-nfq.c:223) <Error> (NFQInitThread) -- [ERRCODE: UNKNOWN_ERROR(46)] - nfq_bind_pf() for AF_INET failed
[1729] 9/2/2010 -- 09:11:30 - (stream-tcp.c:264) <Info> (StreamTcpInitConfig) -- stream "max_sessions": 262144
[1729] 9/2/2010 -- 09:11:30 - (stream-tcp.c:276) <Info> (StreamTcpInitConfig) -- stream "prealloc_sessions": 32768
[1729] 9/2/2010 -- 09:11:30 - (stream-tcp.c:284) <Info> (StreamTcpInitConfig) -- stream "memcap": 67108864
[1729] 9/2/2010 -- 09:11:30 - (stream-tcp.c:291) <Info> (StreamTcpInitConfig) -- stream "midstream" session pickups: disabled
[1729] 9/2/2010 -- 09:11:30 - (stream-tcp.c:299) <Info> (StreamTcpInitConfig) -- stream "async_oneside": disabled
[1729] 9/2/2010 -- 09:11:30 - (tm-threads.c:1142) <Info> (TmThreadWaitOnThreadInit) -- all 8 packet processing threads, 3 management threads initialized, engine started.

^C

[1729] 9/2/2010 -- 09:11:40 - (suricata.c:812) <Info> (main) -- signal received
[1729] 9/2/2010 -- 09:11:40 - (suricata.c:848) <Info> (main) -- time elapsed 10s
[1730] 9/2/2010 -- 09:11:40 - (source-nfq.c:403) <Info> (ReceiveNFQThreadExitStats) -- (ReceiveNFQ) Pkts 0, Bytes 0, Errors 68919103
[1732] 9/2/2010 -- 09:11:40 - (stream-tcp.c:2557) <Info> (StreamTcpExitPrintStats) -- (Stream1) Packets 0
[1733] 9/2/2010 -- 09:11:40 - (detect.c:135) <Info> (DetectExitPrintStats) -- (Detect1) (1byte) Pkts 0, Scanned 0 (nan), Searched 0 (nan): nan%.
[1733] 9/2/2010 -- 09:11:40 - (detect.c:141) <Info> (DetectExitPrintStats) -- (Detect1) (2byte) Pkts 0, Scanned 0 (nan), Searched 0 (nan): nan%.
[1733] 9/2/2010 -- 09:11:40 - (detect.c:147) <Info> (DetectExitPrintStats) -- (Detect1) (3byte) Pkts 0, Scanned 0 (nan), Searched 0 (nan): nan%.
[1733] 9/2/2010 -- 09:11:40 - (detect.c:153) <Info> (DetectExitPrintStats) -- (Detect1) (4byte) Pkts 0, Scanned 0 (nan), Searched 0 (nan): nan%.
[1733] 9/2/2010 -- 09:11:40 - (detect.c:159) <Info> (DetectExitPrintStats) -- (Detect1) (+byte) Pkts 0, Scanned 0 (nan), Searched 0 (nan): nan%.
[1733] 9/2/2010 -- 09:11:40 - (detect.c:166) <Info> (DetectExitPrintStats) -- (Detect1) URI (1byte) Uri's 0, Scanned 0 (nan), Searched 0 (nan): nan%.
[1733] 9/2/2010 -- 09:11:40 - (detect.c:172) <Info> (DetectExitPrintStats) -- (Detect1) URI (2byte) Uri's 0, Scanned 0 (nan), Searched 0 (nan): nan%.
[1733] 9/2/2010 -- 09:11:40 - (detect.c:178) <Info> (DetectExitPrintStats) -- (Detect1) URI (3byte) Uri's 0, Scanned 0 (nan), Searched 0 (nan): nan%.
[1733] 9/2/2010 -- 09:11:40 - (detect.c:184) <Info> (DetectExitPrintStats) -- (Detect1) URI (4byte) Uri's 0, Scanned 0 (nan), Searched 0 (nan): nan%.
[1733] 9/2/2010 -- 09:11:40 - (detect.c:190) <Info> (DetectExitPrintStats) -- (Detect1) URI (+byte) Uri's 0, Scanned 0 (nan), Searched 0 (nan): nan%.
[1734] 9/2/2010 -- 09:11:40 - (detect.c:135) <Info> (DetectExitPrintStats) -- (Detect2) (1byte) Pkts 0, Scanned 0 (nan), Searched 0 (nan): nan%.
[1734] 9/2/2010 -- 09:11:40 - (detect.c:141) <Info> (DetectExitPrintStats) -- (Detect2) (2byte) Pkts 0, Scanned 0 (nan), Searched 0 (nan): nan%.
[1734] 9/2/2010 -- 09:11:40 - (detect.c:147) <Info> (DetectExitPrintStats) -- (Detect2) (3byte) Pkts 0, Scanned 0 (nan), Searched 0 (nan): nan%.
[1734] 9/2/2010 -- 09:11:40 - (detect.c:153) <Info> (DetectExitPrintStats) -- (Detect2) (4byte) Pkts 0, Scanned 0 (nan), Searched 0 (nan): nan%.
[1734] 9/2/2010 -- 09:11:40 - (detect.c:159) <Info> (DetectExitPrintStats) -- (Detect2) (+byte) Pkts 0, Scanned 0 (nan), Searched 0 (nan): nan%.
[1734] 9/2/2010 -- 09:11:40 - (detect.c:166) <Info> (DetectExitPrintStats) -- (Detect2) URI (1byte) Uri's 0, Scanned 0 (nan), Searched 0 (nan): nan%.
[1734] 9/2/2010 -- 09:11:40 - (detect.c:172) <Info> (DetectExitPrintStats) -- (Detect2) URI (2byte) Uri's 0, Scanned 0 (nan), Searched 0 (nan): nan%.
[1734] 9/2/2010 -- 09:11:40 - (detect.c:178) <Info> (DetectExitPrintStats) -- (Detect2) URI (3byte) Uri's 0, Scanned 0 (nan), Searched 0 (nan): nan%.
[1734] 9/2/2010 -- 09:11:40 - (detect.c:184) <Info> (DetectExitPrintStats) -- (Detect2) URI (4byte) Uri's 0, Scanned 0 (nan), Searched 0 (nan): nan%.
[1734] 9/2/2010 -- 09:11:40 - (detect.c:190) <Info> (DetectExitPrintStats) -- (Detect2) URI (+byte) Uri's 0, Scanned 0 (nan), Searched 0 (nan): nan%.
[1735] 9/2/2010 -- 09:11:40 - (source-nfq.c:411) <Info> (VerdictNFQThreadExitStats) -- (Verdict) Pkts accepted 0, dropped 0
Segmentation fault (core dumped)

#0 0x00007f363b26f4df in nfq_destroy_queue () from /usr/lib/libnetfilter_queue.so.1
(gdb) bt full
#0 0x00007f363b26f4df in nfq_destroy_queue () from /usr/lib/libnetfilter_queue.so.1
No symbol table info available.
#1 0x0000000000409c7d in VerdictNFQThreadDeinit (tv=<value optimized out>, data=0x2) at source-nfq.c:342
No locals.
#2 0x000000000045e2cd in TmThreadsSlot1 (td=<value optimized out>) at tm-threads.c:359
tv = 0x2b6ffa0
s = 0x2b70070
p = 0x0
r = <value optimized out>
#3 0x00007f363ae51a04 in start_thread (arg=<value optimized out>) at pthread_create.c:300
__res = <value optimized out>
pd = 0x7f363796f910
unwind_buf = {cancel_jmp_buf = {{jmp_buf = {139870837602576, 7446265788841629920, 140734295273072, 0, 0, 3, -7405575414771574560, -7405599480288339744}, mask_was_saved = 0}}, priv = {pad = {0x0, 0x0, 0x0, 0x0}, data = {
prev = 0x0, cleanup = 0x0, canceltype = 0}}}
not_first_call = <value optimized out>
robust = <value optimized out>
#4 0x00007f363a76c80d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:112
No locals.
#5 0x0000000000000000 in ?? ()
No symbol table info available.
(gdb)
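
The fail-fast behaviour this report asks for, as an added sketch that is not Suricata's code: init returns a failure status that stops start-up, and deinit only destroys a handle that init actually created. All names (`q_open_and_bind`, `capture_init`, `engine_run`, and so on) are hypothetical, and the queue library is a stub so the example runs without libnetfilter_queue or privileges.

```c
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical stand-ins for a packet-queue library; not libnetfilter_queue. */
typedef struct { int open; } qhandle;
static int g_bind_allowed = 1;   /* constructed switch: 0 simulates missing privileges */
static int g_destroy_calls = 0;  /* counts real teardown calls, for checking */

static qhandle *q_open_and_bind(void) {
    if (!g_bind_allowed) return NULL;        /* bind refused, e.g. lack of permissions */
    qhandle *h = calloc(1, sizeof(*h));
    if (h) h->open = 1;
    return h;
}
static void q_destroy(qhandle *h) { g_destroy_calls++; free(h); }

typedef enum { TM_OK = 0, TM_FAILED = -1 } tm_status;
typedef struct { qhandle *h; } capture_ctx;

/* Init reports failure to the caller instead of only logging it. */
static tm_status capture_init(capture_ctx *ctx) {
    ctx->h = q_open_and_bind();
    if (ctx->h == NULL) {
        fprintf(stderr, "queue bind failed: refusing to start\n");
        return TM_FAILED;
    }
    return TM_OK;
}

/* Deinit tears down only what init created, so it is safe after a failed init. */
static void capture_deinit(capture_ctx *ctx) {
    if (ctx->h != NULL) { q_destroy(ctx->h); ctx->h = NULL; }
}

/* Start-up: a failed init is fatal, so the packet loop is never entered. */
static int engine_run(int bind_allowed) {
    capture_ctx ctx = { NULL };
    g_bind_allowed = bind_allowed;
    if (capture_init(&ctx) != TM_OK) {
        capture_deinit(&ctx);    /* no-op: nothing was created */
        return EXIT_FAILURE;
    }
    /* ... packet loop would run here ... */
    capture_deinit(&ctx);
    return EXIT_SUCCESS;
}

int main(void) {
    printf("bind allowed: exit %d\n", engine_run(1));
    printf("bind refused: exit %d\n", engine_run(0));
    return 0;
}
```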
