Repeat mode causes NFQUEUE kernel warning messages for net/ipv4/tcp_output.c

jamesyonan · June 7, 2021, 5:41pm

So there’s an issue with Suricata (6.0.2 with Linux 5.4.99) when used with repeat mode and NFQUEUE that was discussed over a year ago where this warning in tcp_output.c gets triggered:

	/* Keep one reference on sk_wmem_alloc.
	 * Will be released by sk_free() from here or tcp_tasklet_func()
	 */
	WARN_ON(refcount_sub_and_test(skb->truesize - 1, &sk->sk_wmem_alloc));

A patch to Suricata was provided here:

https://marc.info/?l=netfilter&m=158202960208464&w=2

The patch looks a bit experimental and wasn’t merged, so I’m wondering if this is the best known solution to the issue at the moment?

Thanks,
James

Andreas_Herz · June 12, 2021, 8:08pm

I did a quick check but didn’t find a bug ticket for that in our redmine, could you create on with your scenario and additional details?
The code snippet from Florian might be a starting point but needs more testing I would guess.

Topic		Replies	Views
Stream.fin_but_no_session anomaly Help	4	460	August 31, 2022
Suspected memleak in Suricata 6.0.3 Help	5	942	April 7, 2022
Suricata 5.0.5 with netmap and intel X520 on FreeBSD 12.2 Help pfsense	1	1067	March 29, 2021
Application detection and duplicate TCP/SYN Help	6	1009	September 1, 2022
Tcp.pkt_on_wrong_thread Help	19	2070	November 4, 2021

Repeat mode causes NFQUEUE kernel warning messages for net/ipv4/tcp_output.c

Related Topics