On Tue, Feb 18, 2020 at 2:21 PM Florian Westphal <fw@xxxxxxxxx> wrote: > > > This means your kernel headers are older than 3.10. > It should be part of /usr/include/linux/netfilter/nfnetlink_queue.h . Actually I have 4.19. I also had to define another constant. In any case, it compiled OK, and the problem was not seen again for a test period of at least 15 hours (I usually had several of these kernel warnings almost each hour, so 15 hours in a weekday is significant). I then removed your patch, recompiled and ran suricata in nfq "accept" mode (default). It was set as "repeat mode" before. It hasn't been running long enough yet (7 hours), but for now I haven't seen any kernel warnings in "accept mode". So all I can say for now is that it seems I'm getting these kernel warnings when using Suricata in nfq repeat mode. I'll ask the Suricata ML what they think about that. Thanks, Vieri
