Bug #769: Be sure to always apply verdict to NFQ packet - Suricata - Open Information Security Foundation

Actions

Copy link

Bug #769

closed

Be sure to always apply verdict to NFQ packet

Added by Eric Leblond about 11 years ago. Updated almost 11 years ago.

Status:

Closed

Priority:

Normal

Assignee:

Eric Leblond

Target version:

2.0beta1

Affected Versions:

Effort:

Difficulty:

Label:

Description

It seems that in some cases, it is possible that Suricata do not verdict a Packet. This is for example the case when the propagation to the other module fails. This could result in some packets getting stuck inside Netfilter queue on kernel side.

We should investigate more deeply into this to be sure we always verdict Packet.

History
Notes
Property changes

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

Suricata

Custom queries

Bug #769

Be sure to always apply verdict to NFQ packet

Updated by Victor Julien about 11 years ago

Updated by Eric Leblond almost 11 years ago

Updated by Victor Julien almost 11 years ago

Updated by Victor Julien almost 11 years ago