Actions
Bug #4800
closedaf-packet: flag colision between kernel and Suricata
Affected Versions:
Effort:
Difficulty:
Label:
Description
Suricata sets a flag to keep track of frames in the ring that are still being processed in autofp. This may have been an unused flag at some time, but in a current kernel it might be set.
src/source-af-packet.c:#define TP_STATUS_USER_BUSY BIT_U32(31) include/uapi/linux/if_packet.h:#define TP_STATUS_TS_RAW_HARDWARE (1U << 31)
Actions