Public bug reported:
Suricata in newer kernels (3.5 and upper) will complain like this:
* NFQUEUE support not found !
* Please ensure the nfnetlink_queue module is loaded or built in kernel
although nfnetlink_queue is loaded:
lsmod | grep nfnetlink_queue
nfnetlink_queue 17557 3
nfnetlink 13983 5 nf_conntrack_netlink,nfnetlink_queue
This happens because /etc/init.d/suricata does this check:
check_nfqueue() {
if [ ! -e /proc/net/netfilter/nf_queue ]; then
log_failure_msg "NFQUEUE support not found !"
log_failure_msg "Please ensure the nfnetlink_queue module is loaded or
built in kernel"
exit 5
fi
}
Nevertheless this only works in pre3.5 kernels as newer kernels have supressed
ip_queue , in benefit of libnetfilter_queue.
Thus the script should check that nor /proc/net/netfilter/nf_queue nor
/proc/net/netfilter/nfnetlink_queue existed.
** Affects: suricata (Ubuntu)
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1250439
Title:
suricata complains about NFQUEUE in newer kernels
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/suricata/+bug/1250439/+subscriptions
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
