Hi Victor,

On Wednesday 19 May 2010 at 12:15 +0200, Victor Julien wrote:
> Hi all,
>
> I'm using libnetfilter_queue for inline mode in the Suricata IDS/IPS
> (www.openinfosecfoundation.org). I'm using a callback that makes the
> packet(s) available to the detection engine. In some special cases the
> callback could fail (only malloc failure atm).
>
> I was wondering what the proper response would be to such an event. I'm
> assuming nfq_handle_packet() would return a (non-zero) error code in
> that case.
>
> Should I verdict the packet? (drop to be safe)

Yes, clearly! If you don't do this the packet will get stuck inside the kernel and nothing will release it (and free the associated structures). The only other means to free a queued packet is to unregister from the NF queue.

BR,
--
Eric Leblond <eric@xxxxxx>
INL: http://www.inl.fr/
NuFW: http://www.nufw.org/
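The "always issue a verdict, even when the callback fails" rule from Eric's reply, as an added example that is not part of this thread or of Suricata's code: the libnetfilter_queue calls are replaced by injected function pointers (verdict_fn standing in for nfq_set_verdict(), alloc_fn for malloc) so it compiles and runs without the library, and handle_queued_packet, pkt_ctx and run_demo are hypothetical names chosen here.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Verdict values as defined in <linux/netfilter.h>. */
#define NF_DROP   0
#define NF_ACCEPT 1
/* Injection points standing in for nfq_set_verdict() and malloc(). */
typedef int   (*verdict_fn)(uint32_t packet_id, uint32_t verdict);
typedef void *(*alloc_fn)(size_t n);
struct pkt_ctx {
    verdict_fn set_verdict;      /* production: wrapper around nfq_set_verdict() */
    alloc_fn   alloc;            /* production: malloc */
    unsigned   seen, verdicted;  /* invariant after each packet: seen == verdicted */
};
/* Handle one queued packet: 0 on success, -1 if it could not be handed to the
 * detection engine. Either way a verdict is issued; a packet left without one
 * stays queued in the kernel until the queue is unbound. */
int handle_queued_packet(struct pkt_ctx *ctx, uint32_t packet_id,
                         const unsigned char *payload, size_t len)
{
    ctx->seen++;
    unsigned char *copy = ctx->alloc(len);
    if (copy == NULL) {            /* malloc failed: fail closed, release the packet */
        ctx->set_verdict(packet_id, NF_DROP);
        ctx->verdicted++;
        return -1;
    }
    memcpy(copy, payload, len);
    /* ... the detection engine would inspect 'copy' here and pick the verdict ... */
    ctx->set_verdict(packet_id, NF_ACCEPT);
    ctx->verdicted++;
    free(copy);
    return 0;
}
/* Test doubles: record the last verdict; an allocator that always fails. */
static uint32_t last_id, last_verdict;
static int record_verdict(uint32_t id, uint32_t v) { last_id = id; last_verdict = v; return 0; }
static void *failing_alloc(size_t n) { (void)n; return NULL; }
/* One constructed packet through the normal path, one through the failure path;
 * returns 1 if every packet received exactly one verdict. */
int run_demo(void)
{
    static const unsigned char pkt[] = "constructed packet bytes";
    struct pkt_ctx ctx = { record_verdict, malloc, 0, 0 };
    int ok = handle_queued_packet(&ctx, 1, pkt, sizeof pkt) == 0 && last_verdict == NF_ACCEPT;
    ctx.alloc = failing_alloc;
    ok = ok && handle_queued_packet(&ctx, 2, pkt, sizeof pkt) == -1 && last_verdict == NF_DROP;
    return ok && ctx.seen == 2 && ctx.verdicted == 2;
}
```

In a real program the verdict hook would call nfq_set_verdict(qh, packet_id, verdict, 0, NULL) with the id taken from nfq_get_msg_packet_hdr(); the point is that the failure branch still reaches it.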