Repeat mode causes NFQUEUE kernel warning messages for net/ipv4/tcp_output.c

jamesyonan · June 7, 2021, 5:41pm

So there’s an issue with Suricata (6.0.2 with Linux 5.4.99) when used with repeat mode and NFQUEUE that was discussed over a year ago where this warning in tcp_output.c gets triggered:

	/* Keep one reference on sk_wmem_alloc.
	 * Will be released by sk_free() from here or tcp_tasklet_func()
	 */
	WARN_ON(refcount_sub_and_test(skb->truesize - 1, &sk->sk_wmem_alloc));

A patch to Suricata was provided here:

https://marc.info/?l=netfilter&m=158202960208464&w=2

The patch looks a bit experimental and wasn’t merged, so I’m wondering if this is the best known solution to the issue at the moment?

Thanks,
James

Andreas_Herz · June 12, 2021, 8:08pm

I did a quick check but didn’t find a bug ticket for that in our redmine, could you create on with your scenario and additional details?
The code snippet from Florian might be a starting point but needs more testing I would guess.

Topic		Replies	Views
Suricata with nfqueue: Facing kernel panic in __pv_queued_spin_lock_slowpath Help community , suricata , nfq	3	18	November 20, 2024
Suricata iptables problem with repeat mode Help	2	33	November 5, 2024
Connections dropping out Help	5	1213	October 22, 2020
Stream.fin_but_no_session anomaly Help	4	513	August 31, 2022
Suspected memleak in Suricata 6.0.3 Help	5	1029	April 7, 2022

Repeat mode causes NFQUEUE kernel warning messages for net/ipv4/tcp_output.c

Related topics