Bug #1456
Using nfq_set_mark in rules when running in netmap mode leads to segfault
Status: Closed
Priority: Normal
Assignee: -
Target version: -
Description
Hi,
While testing master for netmap functionality, I kept some rules with nfq_set_mark keyword. As soon as a packet matches one of these rules, suricata segfaults.
Note that suricata was compiled with both nfq and netmap support.
Regards,
Thierry
Updated by Victor Julien over 10 years ago
- Status changed from New to Assigned
- Assignee set to Eric Leblond
- Target version set to 2.1beta4
It's likely that this will crash IPS with AF_PACKET as well.
Updated by Eric Leblond over 10 years ago
Bonjour,
After a quick look at the code there is no obvious bug here.
A few questions:
- Are you using netmap in IPS mode?
- Could you report a backtrace to help the debugging (please follow Reporting_Bugs for more info)?
Updated by Thierry MAGNIEN over 10 years ago
Yes, IPS with copy-mode "tap".
I'll compile with debug flags and will provide backtrace.
Thierry
Updated by Thierry MAGNIEN over 10 years ago
Here you are:
Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x7fffc8665700 (LWP 64976)]
0x000000000059736c in NetmapWritePacket (ntv=0x43c04b1, p=0x43bf6b0) at source-netmap.c:619
619 int dst_ring_id = p->netmap_v.ring_id % ntv->ifdst->rings_cnt;
(gdb) bt
#0 0x000000000059736c in NetmapWritePacket (ntv=0x43c04b1, p=0x43bf6b0) at source-netmap.c:619
#1 0x000000000059753f in NetmapReleasePacket (p=0x43bf6b0) at source-netmap.c:663
#2 0x00000000005ccdad in TmqhOutputPacketpool (t=0x404bac0, p=0x43bf6b0) at tmqh-packetpool.c:454
#3 0x0000000000593ed4 in TmThreadsSlotProcessPkt (tv=0x404bac0, s=0x404bd00, p=0x43bf6b0)
at tm-threads.h:160
#4 0x000000000059786e in NetmapRingRead (ntv=0x43c04b0, ring_id=6) at source-netmap.c:741
#5 0x00000000005983be in ReceiveNetmapLoop (tv=0x404bac0, data=0x43c04b0, slot=0x404bbc0)
at source-netmap.c:818
#6 0x00000000005cef94 in TmThreadsSlotPktAcqLoop (td=0x404bac0) at tm-threads.c:338
#7 0x00007ffff6456b50 in start_thread () from /lib/x86_64-linux-gnu/libpthread.so.0
#8 0x00007ffff5d4395d in clone () from /lib/x86_64-linux-gnu/libc.so.6
#9 0x0000000000000000 in ?? ()
(gdb) bt full
#0 0x000000000059736c in NetmapWritePacket (ntv=0x43c04b1, p=0x43bf6b0) at source-netmap.c:619
dst_ring_id = 0
txring = 0x43bf6b0
rxring = 0x445b160
rs = 0x404c240
ts = 0x0
tmp_idx = 32767
#1 0x000000000059753f in NetmapReleasePacket (p=0x43bf6b0) at source-netmap.c:663
ntv = 0x43c04b1
#2 0x00000000005ccdad in TmqhOutputPacketpool (t=0x404bac0, p=0x43bf6b0) at tmqh-packetpool.c:454
proot = 0
#3 0x0000000000593ed4 in TmThreadsSlotProcessPkt (tv=0x404bac0, s=0x404bd00, p=0x43bf6b0)
at tm-threads.h:160
slot = 0x5d80045b271
r = TM_ECODE_OK
#4 0x000000000059786e in NetmapRingRead (ntv=0x43c04b0, ring_id=6) at source-netmap.c:741
slot = 0x7fffdf62c100
slot_data = 0x7fffe1aae800 ""
p = 0x43bf6b0
ring = 0x7fffdf62c000
avail = 14
cur = 0
#5 0x00000000005983be in ReceiveNetmapLoop (tv=0x404bac0, data=0x43c04b0, slot=0x404bbc0)
at source-netmap.c:818
src_ring_id = 6
i = 0
r = 1
s = 0x404bbc0
ntv = 0x43c04b0
fds = 0x6c5fcc0
rings_count = 1
__FUNCTION__ = "ReceiveNetmapLoop"
#6 0x00000000005cef94 in TmThreadsSlotPktAcqLoop (td=0x404bac0) at tm-threads.c:338
tv = 0x404bac0
s = 0x404bbc0
run = 1 '\001'
r = TM_ECODE_OK
slot = 0x0
__FUNCTION__ = "TmThreadsSlotPktAcqLoop"
__PRETTY_FUNCTION__ = "TmThreadsSlotPktAcqLoop"
#7 0x00007ffff6456b50 in start_thread () from /lib/x86_64-linux-gnu/libpthread.so.0
No symbol table info available.
#8 0x00007ffff5d4395d in clone () from /lib/x86_64-linux-gnu/libc.so.6
No symbol table info available.
#9 0x0000000000000000 in ?? ()
No symbol table info available.
Updated by Victor Julien over 10 years ago
- Target version changed from 2.1beta4 to 3.0RC1
Updated by Victor Julien about 10 years ago
- Target version changed from 3.0RC1 to TBD
Updated by Andreas Herz over 8 years ago
Could you test if this is still an issue with most recent versions of Suricata?
Updated by Victor Julien about 8 years ago
- Status changed from Assigned to Closed
- Assignee deleted (Eric Leblond)
- Target version deleted (TBD)
Time out.