Hi, Whenever I use NFQUEUE/iptables to send traffic to an IDS/IPS (eg. Suricata), I get an ugly kernel warning which can sometimes and on the long run turn into a system freeze. I'm using NFQUEUE 0:5, and I'm running Suricata with -q 0 -q 1 -q 2 -q 3 -q 4 -q 5 as arguments. I've already reported the issue on the LKML here: https://lkml.org/lkml/2020/2/13/1255 However, I've been told by the Suricata ML to try and post here too. The message "WARNING: CPU: * at net/ipv4/tcp_output.c:915" does not appear when I stop using Suricata with NFQUEUE. Regards, Vieri
