libdaq crash using nfq module #19

@lafibre

Hello all.
I have an issue using libdaq-3.0.3 and snort 3.1.5.0.

It's running with the NFQ module:

 pkts bytes target     prot opt in     out     source               destination
 115M  261G NFQUEUE    all  --  *      *       0.0.0.0/0            0.0.0.0/0            match-set iface dst,dst match-set lface src,src NFQUEUE balance 4:7 bypass
  99M 5283M NFQUEUE    all  --  *      *       0.0.0.0/0            0.0.0.0/0            match-set lface dst,dst match-set iface src,src NFQUEUE balance 4:7 bypass

and the daq config is:

daq = {
        modules = {{
                name = 'nfq',
                mode = 'inline',
                variables = { 'fail-open' }
        }},
        inputs = { '4','5','6','7' }
}

Snort is launched with this command line:
/usr/local/snort/bin/snort -z 0 -U -c /DATA/conf/snort/snort.lua -Q -k none --create-pidfile -l /DATA/run
The stack is:

Error receiving message from the DAQ instance: nfq_daq_msg_receive: Netlink message processing failed: -1 - No such file or directory (2)
-- [1] 5
*** Error in `/usr/local/snort/bin/snort': double free or corruption (!prev): 0x1bad2650 ***
======= Backtrace: =========
/lib/libc.so.6(+0x71270)[0xb6de4270]
/lib/libc.so.6(+0x7ba73)[0xb6deea73]
/lib/libc.so.6(cfree+0x58)[0xb6df35d8]
/usr/local/snort/bin/snort[0x82e29e1]
/usr/local/snort/lib/libdaq.so.3(daq_instance_destroy+0x35)[0xb7ee56a5]
/usr/local/snort/bin/snort[0x81567eb]
/usr/local/snort/bin/snort[0x811b17e]
/usr/local/snort/bin/snort[0x809796d]
/usr/local/snort/bin/snort[0x807bac7]
/lib/libc.so.6(__libc_start_main+0x107)[0xb6d8b697]
/usr/local/snort/bin/snort[0x80973ea]
======= Memory map: ========
08048000-08466000 r-xp 00000000 08:01 110461     /usr/local/snort/bin/snort
08467000-08468000 r--p 0041e000 08:01 110461     /usr/local/snort/bin/snort
08468000-0846c000 rw-p 0041f000 08:01 110461     /usr/local/snort/bin/snort
0846c000-1bf8b000 rw-p 00000000 00:00 0          [heap]
a8000000-a809d000 rw-p 00000000 00:00 0 
a809d000-a8100000 ---p 00000000 00:00 0 
a8100000-a8199000 rw-p 00000000 00:00 0 
a8199000-a8200000 ---p 00000000 00:00 0 
a8200000-a82c0000 rw-p 00000000 00:00 0 
a82c0000-a8300000 ---p 00000000 00:00 0 
[ ...........]

Snort (PID 589673802577758235) caught fatal signal: (null)
Version: 3.1.5.0

Aborted

If you need more information, let me know.
Thanks
