libdaq crash using nfq module

Hello all.
I have an issue using libdaq-3.0.3 and snort 3.1.5.0.

It's running with NFQ module : 
```
 pkts bytes target     prot opt in     out     source               destination                                                                                                                                                                                          
 115M  261G NFQUEUE    all  --  *      *       0.0.0.0/0            0.0.0.0/0            match-set iface dst,dst match-set lface src,src NFQUEUE balance 4:7 bypass                                                                                                      
  99M 5283M NFQUEUE    all  --  *      *       0.0.0.0/0            0.0.0.0/0            match-set lface dst,dst match-set iface src,src NFQUEUE balance 4:7 bypass                                                                                                      

```
and daq config is : 
```
daq = {
        modules = {{
                name = 'nfq',
                mode = 'inline',
                variables = { 'fail-open' }
        }},
        inputs = { '4','5','6','7' }
}

```
Snort is launched with this command line : 
`/usr/local/snort/bin/snort -z 0 -U -c /DATA/conf/snort/snort.lua -Q -k none --create-pidfile -l /DATA/run
`
The stack is :

```
Error receiving message from the DAQ instance: nfq_daq_msg_receive: Netlink message processing failed: -1 - No such file or directory (2)
-- [1] 5
*** Error in `/usr/local/snort/bin/snort': double free or corruption (!prev): 0x1bad2650 ***
======= Backtrace: =========
/lib/libc.so.6(+0x71270)[0xb6de4270]
/lib/libc.so.6(+0x7ba73)[0xb6deea73]
/lib/libc.so.6(cfree+0x58)[0xb6df35d8]
/usr/local/snort/bin/snort[0x82e29e1]
/usr/local/snort/lib/libdaq.so.3(daq_instance_destroy+0x35)[0xb7ee56a5]
/usr/local/snort/bin/snort[0x81567eb]
/usr/local/snort/bin/snort[0x811b17e]
/usr/local/snort/bin/snort[0x809796d]
/usr/local/snort/bin/snort[0x807bac7]
/lib/libc.so.6(__libc_start_main+0x107)[0xb6d8b697]
/usr/local/snort/bin/snort[0x80973ea]
======= Memory map: ========
08048000-08466000 r-xp 00000000 08:01 110461     /usr/local/snort/bin/snort
08467000-08468000 r--p 0041e000 08:01 110461     /usr/local/snort/bin/snort
08468000-0846c000 rw-p 0041f000 08:01 110461     /usr/local/snort/bin/snort
0846c000-1bf8b000 rw-p 00000000 00:00 0          [heap]
a8000000-a809d000 rw-p 00000000 00:00 0 
a809d000-a8100000 ---p 00000000 00:00 0 
a8100000-a8199000 rw-p 00000000 00:00 0 
a8199000-a8200000 ---p 00000000 00:00 0 
a8200000-a82c0000 rw-p 00000000 00:00 0 
a82c0000-a8300000 ---p 00000000 00:00 0 
[ ...........]

Snort (PID 589673802577758235) caught fatal signal: (null)
Version: 3.1.5.0

Aborted

```

If you need more informations let me know.
Thanks

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

libdaq crash using nfq module #19

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

libdaq crash using nfq module #19

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions