Bug #7622: AFPacket V3 missing socket ref count decrement - Suricata - Open Information Security Foundation

Actions

Copy link

Bug #7622

closed

AFPacket V3 missing socket ref count decrement

Added by Jeff Weeks 11 days ago. Updated 10 days ago.

Status:

Rejected

Priority:

Normal

Assignee:

Jeff Weeks

Target version:

TBD

Affected Versions:

7.0.0, 7.0.1, 7.0.2, 7.0.3, 7.0.4, 6.0.18, 6.0.19, 7.0.5, 7.0.6, 7.0.7, 7.0.8, 7.0.9

Effort:

low

Difficulty:

medium

Label:

Description

This can be fairly easily reproduced by sending traffic with AFPacket V3 enabled.

I first confirm traffic is being send (`tcpdump -ni <dev>`)
And then confirm suricata is seeting/processing the packets (`tail -F /var/log/suricata/stats.log | grep -E "kernel|decode`)

I then artifical flap the NIC (`ip link set <dev> down; sleep 1; ip link set <dev> up`)

At this point, traffic is still going through the NIC, but Suricata isn't seeing it.

I've tracked this down to a missing AFPDerefSocket call inside the AFPReleasePacketV3 function.

Actions

Copy link

Updated by Jeff Weeks 10 days ago

Status changed from New to Rejected

Already fixed in master via https://github.com/OISF/suricata/commit/e3d20acb98141fc8d109302158e898ed388f1b5a

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

Suricata

Custom queries

Bug #7622

AFPacket V3 missing socket ref count decrement

Updated by Jeff Weeks 10 days ago