Hi all,

I'm using libnetfilter_queue for inline mode in the Suricata IDS/IPS (www.openinfosecfoundation.org). I'm using a callback that makes the packet(s) available to the detection engine. In some special cases the callback could fail (only malloc failure atm). I was wondering what the proper response would be to such an event. I'm assuming nfq_handle_packet() would return a (non-zero) error code in that case. Should I verdict the packet? (drop to be safe)

Cheers,
Victor

--
---------------------------------------------
Victor Julien
http://www.inliniac.net/
PGP: http://www.inliniac.net/victorjulien.asc
---------------------------------------------