Bug #2201
closed
af_packet: suricata leaks memory with use-mmap enabled and incorrect BPF filter
Description
It appears that suricata leaks memory in af_packet mode when the 'use-mmap' option is enabled and an incorrect BPF filter is specified (e.g., 1.1.1.1/24 with non-network bits set). The reason is that suricata doesn't treat an erroneous BPF filter as a fatal error and tries to reopen the capture interface. However, munmap() is not called in this case and suricata calls mmap() again and again, causing a memory leak (and it's not detected by valgrind). As a result, this behavior can lead to a system crash.
There are two possible options:
1) return AFP_FATAL_ERROR if AFPSetBPFFilter() fails;
2) add a new function that does munmap().
Actually, I don't think that option 2 is correct because there's no reason for setting an erroneous BPF filter again and again. IMHO, this should be treated as something like a socket error.
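
The reopen pattern described in the report, modelled as an added example (not Suricata source and not the reporter's code): an anonymous mmap() stands in for the AF_PACKET ring, the filter result is a plain flag, and all function and type names are hypothetical. It compares a reopen loop that treats filter failure as recoverable with one that unmaps and returns a fatal result.

```c
/* Added illustration, not Suricata source; every name here is hypothetical. */
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE               /* exposes MAP_ANONYMOUS on glibc */
#endif
#include <stdio.h>
#include <sys/mman.h>

#define RING_BYTES ((size_t)1 << 20)  /* constructed ring size: 1 MiB */
enum open_result { OPEN_OK, OPEN_RECOVERABLE, OPEN_FATAL };
typedef enum open_result (*open_fn)(size_t *live, int filter_ok);

/* Stand-in for the ring mapping; an anonymous mapping needs no privileges. */
static void *map_ring(void) {
    return mmap(NULL, RING_BYTES, PROT_READ | PROT_WRITE,
                MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
}

/* Reported pattern: filter failure is "recoverable" and the mapping is kept. */
enum open_result open_leaky(size_t *live, int filter_ok) {
    void *ring = map_ring();
    if (ring == MAP_FAILED) return OPEN_FATAL;
    *live += RING_BYTES;
    if (!filter_ok) return OPEN_RECOVERABLE;   /* ring pointer is lost here */
    return OPEN_OK;
}

/* Option 1 from the report, plus releasing the mapping before giving up. */
enum open_result open_fatal(size_t *live, int filter_ok) {
    void *ring = map_ring();
    if (ring == MAP_FAILED) return OPEN_FATAL;
    *live += RING_BYTES;
    if (!filter_ok) {
        if (munmap(ring, RING_BYTES) == 0) *live -= RING_BYTES;
        return OPEN_FATAL;                     /* a bad filter never heals */
    }
    return OPEN_OK;
}

/* Reopen loop: retries only on a recoverable result; returns bytes still mapped. */
size_t run_capture(open_fn open_iface, int filter_ok, int max_attempts) {
    size_t live = 0;
    for (int i = 0; i < max_attempts; i++)
        if (open_iface(&live, filter_ok) != OPEN_RECOVERABLE) break;
    return live;
}

int main(void) {
    printf("leaky: %zu bytes still mapped\n", run_capture(open_leaky, 0, 8));
    printf("fatal: %zu bytes still mapped\n", run_capture(open_fatal, 0, 8));
    return 0;
}
```

Because the orphaned regions come from mmap() rather than malloc(), a heap checker does not flag them; watching the process's mapped size grow across reopen attempts is what exposes the pattern.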