| 2013-11-12 12:31:53 |
Javier Bahillo |
bug |
|
|
added bug |
| 2013-11-12 12:37:26 |
Javier Bahillo |
attachment added |
|
suricata.init.patch https://bugs.launchpad.net/ubuntu/+source/suricata/+bug/1250439/+attachment/3906376/+files/suricata.init.patch |
|
| 2013-11-12 16:23:53 |
Ubuntu Foundations Team Bug Bot |
tags |
|
patch |
|
| 2013-11-12 16:24:02 |
Ubuntu Foundations Team Bug Bot |
bug |
|
|
added subscriber Ubuntu Review Team |
| 2013-11-13 19:30:06 |
Gabriel Mihai |
bug |
|
|
added subscriber Gabriel Mihai |
| 2013-11-15 11:48:02 |
Launchpad Janitor |
suricata (Ubuntu): status |
New |
Confirmed |
|
| 2014-04-11 15:33:50 |
Peter Matulis |
bug |
|
|
added subscriber Peter Matulis |
| 2014-04-22 21:57:57 |
Rafael David Tinoco |
suricata (Ubuntu): status |
Confirmed |
In Progress |
|
| 2014-04-22 21:59:05 |
Rafael David Tinoco |
suricata (Ubuntu): assignee |
|
Rafael David Tinoco (inaddy) |
|
| 2014-04-24 13:42:55 |
Rafael David Tinoco |
bug watch added |
|
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=725301 |
|
| 2014-04-24 13:43:34 |
Rafael David Tinoco |
attachment added |
|
fix-precise-suricata_1.1.1-1.diff https://bugs.launchpad.net/ubuntu/+source/suricata/+bug/1250439/+attachment/4095409/+files/fix-precise-suricata_1.1.1-1.diff |
|
| 2014-04-24 13:44:13 |
Rafael David Tinoco |
attachment added |
|
fix-saucy-suricata_1.4.3-1.diff https://bugs.launchpad.net/ubuntu/+source/suricata/+bug/1250439/+attachment/4095410/+files/fix-saucy-suricata_1.4.3-1.diff |
|
| 2014-04-24 13:45:03 |
Rafael David Tinoco |
attachment added |
|
fix-trusty-suricata_1.4.7-1.diff https://bugs.launchpad.net/ubuntu/+source/suricata/+bug/1250439/+attachment/4095413/+files/fix-trusty-suricata_1.4.7-1.diff |
|
| 2014-04-24 15:49:33 |
Chris J Arges |
nominated for series |
|
Ubuntu Trusty |
|
| 2014-04-24 15:49:33 |
Chris J Arges |
bug task added |
|
suricata (Ubuntu Trusty) |
|
| 2014-04-24 15:49:33 |
Chris J Arges |
nominated for series |
|
Ubuntu Precise |
|
| 2014-04-24 15:49:33 |
Chris J Arges |
bug task added |
|
suricata (Ubuntu Precise) |
|
| 2014-04-24 15:49:33 |
Chris J Arges |
nominated for series |
|
Ubuntu Saucy |
|
| 2014-04-24 15:49:33 |
Chris J Arges |
bug task added |
|
suricata (Ubuntu Saucy) |
|
| 2014-04-24 15:52:27 |
Chris J Arges |
nominated for series |
|
Ubuntu Utopic |
|
| 2014-04-24 15:52:27 |
Chris J Arges |
bug task added |
|
suricata (Ubuntu Utopic) |
|
| 2014-04-24 15:53:01 |
Chris J Arges |
suricata (Ubuntu Trusty): assignee |
|
Rafael David Tinoco (inaddy) |
|
| 2014-04-24 15:53:09 |
Chris J Arges |
suricata (Ubuntu Saucy): assignee |
|
Rafael David Tinoco (inaddy) |
|
| 2014-04-24 15:53:17 |
Chris J Arges |
suricata (Ubuntu Precise): assignee |
|
Rafael David Tinoco (inaddy) |
|
| 2014-04-24 15:53:27 |
Chris J Arges |
suricata (Ubuntu Trusty): status |
New |
In Progress |
|
| 2014-04-24 15:53:29 |
Chris J Arges |
suricata (Ubuntu Saucy): status |
New |
In Progress |
|
| 2014-04-24 15:53:32 |
Chris J Arges |
suricata (Ubuntu Precise): status |
New |
In Progress |
|
| 2014-04-24 15:53:33 |
Chris J Arges |
suricata (Ubuntu Precise): importance |
Undecided |
Medium |
|
| 2014-04-24 15:53:35 |
Chris J Arges |
suricata (Ubuntu Trusty): importance |
Undecided |
Medium |
|
| 2014-04-24 15:53:38 |
Chris J Arges |
suricata (Ubuntu Saucy): importance |
Undecided |
Medium |
|
| 2014-04-24 15:53:40 |
Chris J Arges |
suricata (Ubuntu Utopic): importance |
Undecided |
Medium |
|
| 2014-04-24 16:23:04 |
Rafael David Tinoco |
description |
Suricata in newer kernels (3.5 and upper) will complain like this:
* NFQUEUE support not found !
* Please ensure the nfnetlink_queue module is loaded or built in kernel
although nfnetlink_queue is loaded:
lsmod | grep nfnetlink_queue
nfnetlink_queue 17557 3
nfnetlink 13983 5 nf_conntrack_netlink,nfnetlink_queue
This happens because /etc/init.d/suricata does this check:
check_nfqueue() {
if [ ! -e /proc/net/netfilter/nf_queue ]; then
log_failure_msg "NFQUEUE support not found !"
log_failure_msg "Please ensure the nfnetlink_queue module is loaded or built in kernel"
exit 5
fi
}
Nevertheless this only works in pre3.5 kernels as newer kernels have supressed ip_queue , in benefit of libnetfilter_queue.
Thus the script should check that nor /proc/net/netfilter/nf_queue nor /proc/net/netfilter/nfnetlink_queue existed. |
Suricata in newer kernels (3.5 and upper) will complain like this:
* NFQUEUE support not found !
* Please ensure the nfnetlink_queue module is loaded or built in kernel
although nfnetlink_queue is loaded:
lsmod | grep nfnetlink_queue
nfnetlink_queue 17557 3
nfnetlink 13983 5 nf_conntrack_netlink,nfnetlink_queue
This happens because /etc/init.d/suricata does this check:
check_nfqueue() {
if [ ! -e /proc/net/netfilter/nf_queue ]; then
log_failure_msg "NFQUEUE support not found !"
log_failure_msg "Please ensure the nfnetlink_queue module is loaded or built in kernel"
exit 5
fi
}
Nevertheless this only works in pre3.5 kernels as newer kernels have supressed ip_queue , in benefit of libnetfilter_queue.
Thus the script should check that nor /proc/net/netfilter/nf_queue nor /proc/net/netfilter/nfnetlink_queue existed.
[Impact]
* Suricata is not able to start without changes on config files.
When starting the daemon, it tries to detect NLQUEUE support
checking existence of wrong procfs file.
* On precise it is not able to start out-of-the-box after the
change above. Suricata-debian.yaml points to wrong
reference.config file.
* This change fixes LP #1250439.
[Test Case]
* Steps
Install "suricata" package with apt-get.
Set RUN to yes on /etc/default/suricata.
Make sure nfnetlink_queue and nfnetlink modules are not loaded.
Try to start suricata service and it will complain about no NFQUEUE.
Modprobe nfnetlink_queue and try to start suricata again.
You cannot because file being checked is /proc/net/netfilter/nf_queue.
* On precise:
Wrong auto-generated reference on /etc/suricata/suricata-debian.yaml.
Package silently refuses to start even after fixing service init script.
[Regression Potential]
* Since this problem exists on upstream and on all Ubuntu versions, it
is most likely that customers using this package have already fixed
init script.
* Since customers tend to write their own suricata rules, it is most
likely that cutomers have already fixed default rules file.
* Regression would make suricata daemon not to start (just like now).
[Other Info]
NA |
|
| 2014-04-24 16:23:34 |
Rafael David Tinoco |
description |
Suricata in newer kernels (3.5 and upper) will complain like this:
* NFQUEUE support not found !
* Please ensure the nfnetlink_queue module is loaded or built in kernel
although nfnetlink_queue is loaded:
lsmod | grep nfnetlink_queue
nfnetlink_queue 17557 3
nfnetlink 13983 5 nf_conntrack_netlink,nfnetlink_queue
This happens because /etc/init.d/suricata does this check:
check_nfqueue() {
if [ ! -e /proc/net/netfilter/nf_queue ]; then
log_failure_msg "NFQUEUE support not found !"
log_failure_msg "Please ensure the nfnetlink_queue module is loaded or built in kernel"
exit 5
fi
}
Nevertheless this only works in pre3.5 kernels as newer kernels have supressed ip_queue , in benefit of libnetfilter_queue.
Thus the script should check that nor /proc/net/netfilter/nf_queue nor /proc/net/netfilter/nfnetlink_queue existed.
[Impact]
* Suricata is not able to start without changes on config files.
When starting the daemon, it tries to detect NLQUEUE support
checking existence of wrong procfs file.
* On precise it is not able to start out-of-the-box after the
change above. Suricata-debian.yaml points to wrong
reference.config file.
* This change fixes LP #1250439.
[Test Case]
* Steps
Install "suricata" package with apt-get.
Set RUN to yes on /etc/default/suricata.
Make sure nfnetlink_queue and nfnetlink modules are not loaded.
Try to start suricata service and it will complain about no NFQUEUE.
Modprobe nfnetlink_queue and try to start suricata again.
You cannot because file being checked is /proc/net/netfilter/nf_queue.
* On precise:
Wrong auto-generated reference on /etc/suricata/suricata-debian.yaml.
Package silently refuses to start even after fixing service init script.
[Regression Potential]
* Since this problem exists on upstream and on all Ubuntu versions, it
is most likely that customers using this package have already fixed
init script.
* Since customers tend to write their own suricata rules, it is most
likely that cutomers have already fixed default rules file.
* Regression would make suricata daemon not to start (just like now).
[Other Info]
NA |
[Impact]
* Suricata is not able to start without changes on config files.
When starting the daemon, it tries to detect NLQUEUE support
checking existence of wrong procfs file.
* On precise it is not able to start out-of-the-box after the
change above. Suricata-debian.yaml points to wrong
reference.config file.
* This change fixes LP #1250439.
[Test Case]
* Steps
Install "suricata" package with apt-get.
Set RUN to yes on /etc/default/suricata.
Make sure nfnetlink_queue and nfnetlink modules are not loaded.
Try to start suricata service and it will complain about no NFQUEUE.
Modprobe nfnetlink_queue and try to start suricata again.
You cannot because file being checked is /proc/net/netfilter/nf_queue.
* On precise:
Wrong auto-generated reference on /etc/suricata/suricata-debian.yaml.
Package silently refuses to start even after fixing service init script.
[Regression Potential]
* Since this problem exists on upstream and on all Ubuntu versions, it
is most likely that customers using this package have already fixed
init script.
* Since customers tend to write their own suricata rules, it is most
likely that cutomers have already fixed default rules file.
* Regression would make suricata daemon not to start (just like now).
[Other Info]
NA
Suricata in newer kernels (3.5 and upper) will complain like this:
* NFQUEUE support not found !
* Please ensure the nfnetlink_queue module is loaded or built in kernel
although nfnetlink_queue is loaded:
lsmod | grep nfnetlink_queue
nfnetlink_queue 17557 3
nfnetlink 13983 5 nf_conntrack_netlink,nfnetlink_queue
This happens because /etc/init.d/suricata does this check:
check_nfqueue() {
if [ ! -e /proc/net/netfilter/nf_queue ]; then
log_failure_msg "NFQUEUE support not found !"
log_failure_msg "Please ensure the nfnetlink_queue module is loaded or built in kernel"
exit 5
fi
}
Nevertheless this only works in pre3.5 kernels as newer kernels have supressed ip_queue , in benefit of libnetfilter_queue.
Thus the script should check that nor /proc/net/netfilter/nf_queue nor /proc/net/netfilter/nfnetlink_queue existed. |
|
| 2014-04-24 16:24:08 |
Rafael David Tinoco |
description |
[Impact]
* Suricata is not able to start without changes on config files.
When starting the daemon, it tries to detect NLQUEUE support
checking existence of wrong procfs file.
* On precise it is not able to start out-of-the-box after the
change above. Suricata-debian.yaml points to wrong
reference.config file.
* This change fixes LP #1250439.
[Test Case]
* Steps
Install "suricata" package with apt-get.
Set RUN to yes on /etc/default/suricata.
Make sure nfnetlink_queue and nfnetlink modules are not loaded.
Try to start suricata service and it will complain about no NFQUEUE.
Modprobe nfnetlink_queue and try to start suricata again.
You cannot because file being checked is /proc/net/netfilter/nf_queue.
* On precise:
Wrong auto-generated reference on /etc/suricata/suricata-debian.yaml.
Package silently refuses to start even after fixing service init script.
[Regression Potential]
* Since this problem exists on upstream and on all Ubuntu versions, it
is most likely that customers using this package have already fixed
init script.
* Since customers tend to write their own suricata rules, it is most
likely that cutomers have already fixed default rules file.
* Regression would make suricata daemon not to start (just like now).
[Other Info]
NA
Suricata in newer kernels (3.5 and upper) will complain like this:
* NFQUEUE support not found !
* Please ensure the nfnetlink_queue module is loaded or built in kernel
although nfnetlink_queue is loaded:
lsmod | grep nfnetlink_queue
nfnetlink_queue 17557 3
nfnetlink 13983 5 nf_conntrack_netlink,nfnetlink_queue
This happens because /etc/init.d/suricata does this check:
check_nfqueue() {
if [ ! -e /proc/net/netfilter/nf_queue ]; then
log_failure_msg "NFQUEUE support not found !"
log_failure_msg "Please ensure the nfnetlink_queue module is loaded or built in kernel"
exit 5
fi
}
Nevertheless this only works in pre3.5 kernels as newer kernels have supressed ip_queue , in benefit of libnetfilter_queue.
Thus the script should check that nor /proc/net/netfilter/nf_queue nor /proc/net/netfilter/nfnetlink_queue existed. |
[Impact]
* Suricata is not able to start without changes on config files.
When starting the daemon, it tries to detect NLQUEUE support
checking existence of wrong procfs file.
* On precise it is not able to start out-of-the-box after the
change above. Suricata-debian.yaml points to wrong
reference.config file.
* This change fixes LP #1250439.
[Test Case]
* Steps
Install "suricata" package with apt-get.
Set RUN to yes on /etc/default/suricata.
Make sure nfnetlink_queue and nfnetlink modules are not loaded.
Try to start suricata service and it will complain about no NFQUEUE.
Modprobe nfnetlink_queue and try to start suricata again.
You cannot because file being checked is /proc/net/netfilter/nf_queue.
* On precise:
Wrong auto-generated reference on /etc/suricata/suricata-debian.yaml.
Package silently refuses to start even after fixing service init script.
[Regression Potential]
* Since this problem exists on upstream and on all Ubuntu versions, it
is most likely that customers using this package have already fixed
init script.
* Since customers tend to write their own suricata rules, it is most
likely that cutomers have already fixed default rules file.
* Regression would make suricata daemon not to start (just like now).
[Other Info]
Suricata in newer kernels (3.5 and upper) will complain like this:
* NFQUEUE support not found !
* Please ensure the nfnetlink_queue module is loaded or built in kernel
although nfnetlink_queue is loaded:
lsmod | grep nfnetlink_queue
nfnetlink_queue 17557 3
nfnetlink 13983 5 nf_conntrack_netlink,nfnetlink_queue
This happens because /etc/init.d/suricata does this check:
check_nfqueue() {
if [ ! -e /proc/net/netfilter/nf_queue ]; then
log_failure_msg "NFQUEUE support not found !"
log_failure_msg "Please ensure the nfnetlink_queue module is loaded or built in kernel"
exit 5
fi
}
Nevertheless this only works in pre3.5 kernels as newer kernels have supressed ip_queue , in benefit of libnetfilter_queue.
Thus the script should check that nor /proc/net/netfilter/nf_queue nor /proc/net/netfilter/nfnetlink_queue existed. |
|
| 2014-04-28 22:51:29 |
Brian Murray |
suricata (Ubuntu Trusty): status |
In Progress |
Fix Committed |
|
| 2014-04-28 22:51:33 |
Brian Murray |
bug |
|
|
added subscriber Ubuntu Stable Release Updates Team |
| 2014-04-28 22:51:34 |
Brian Murray |
bug |
|
|
added subscriber SRU Verification |
| 2014-04-28 22:51:37 |
Brian Murray |
tags |
patch |
patch verification-needed |
|
| 2014-04-28 23:07:43 |
Brian Murray |
suricata (Ubuntu Saucy): status |
In Progress |
Fix Committed |
|
| 2014-04-28 23:14:01 |
Launchpad Janitor |
branch linked |
|
lp:ubuntu/saucy-proposed/suricata |
|
| 2014-04-28 23:14:02 |
Launchpad Janitor |
branch linked |
|
lp:ubuntu/trusty-proposed/suricata |
|
| 2014-04-28 23:17:18 |
Brian Murray |
suricata (Ubuntu Precise): status |
In Progress |
Fix Committed |
|
| 2014-04-28 23:23:03 |
Launchpad Janitor |
branch linked |
|
lp:~ubuntu-branches/ubuntu/precise/suricata/precise-proposed |
|
| 2014-05-05 09:48:25 |
Javier Bahillo |
tags |
patch verification-needed |
patch verification-done-precise verification-done-saucy verification-needed |
|
| 2014-05-08 21:21:51 |
Brian Murray |
bug |
|
|
added subscriber Brian Murray |
| 2014-05-09 10:02:17 |
Javier Bahillo |
tags |
patch verification-done-precise verification-done-saucy verification-needed |
patch verification-done |
|
| 2014-05-12 05:18:09 |
Launchpad Janitor |
suricata (Ubuntu Trusty): status |
Fix Committed |
Fix Released |
|
| 2014-05-12 05:18:15 |
Scott Kitterman |
removed subscriber Ubuntu Stable Release Updates Team |
|
|
|
| 2014-05-12 05:19:07 |
Launchpad Janitor |
suricata (Ubuntu Saucy): status |
Fix Committed |
Fix Released |
|
| 2014-05-12 05:19:52 |
Launchpad Janitor |
suricata (Ubuntu Precise): status |
Fix Committed |
Fix Released |
|
| 2015-05-02 03:26:00 |
Rafael David Tinoco |
suricata (Ubuntu): assignee |
Rafael David Tinoco (inaddy) |
|
|
| 2015-05-02 03:26:03 |
Rafael David Tinoco |
suricata (Ubuntu Precise): assignee |
Rafael David Tinoco (inaddy) |
|
|
| 2015-05-02 03:26:04 |
Rafael David Tinoco |
suricata (Ubuntu Saucy): assignee |
Rafael David Tinoco (inaddy) |
|
|
| 2015-05-02 03:26:05 |
Rafael David Tinoco |
suricata (Ubuntu Trusty): assignee |
Rafael David Tinoco (inaddy) |
|
|
| 2015-05-02 03:26:07 |
Rafael David Tinoco |
suricata (Ubuntu Utopic): assignee |
Rafael David Tinoco (inaddy) |
|
|
| 2015-05-18 13:29:54 |
Jamie Strandboge |
nominated for series |
|
Ubuntu Wily |
|
| 2015-05-18 13:29:54 |
Jamie Strandboge |
bug task added |
|
suricata (Ubuntu Wily) |
|
| 2015-05-18 13:29:54 |
Jamie Strandboge |
nominated for series |
|
Ubuntu Vivid |
|
| 2015-05-18 13:29:54 |
Jamie Strandboge |
bug task added |
|
suricata (Ubuntu Vivid) |
|
| 2015-05-18 13:30:04 |
Jamie Strandboge |
suricata (Ubuntu Vivid): status |
New |
Triaged |
|
| 2015-05-18 13:30:07 |
Jamie Strandboge |
suricata (Ubuntu Wily): status |
In Progress |
Fix Released |
|
| 2015-05-18 13:30:18 |
Jamie Strandboge |
suricata (Ubuntu Utopic): status |
In Progress |
Triaged |
|
| 2016-02-03 15:11:49 |
Louis Bouchard |
suricata (Ubuntu Utopic): status |
Triaged |
Won't Fix |
|
| 2016-02-03 15:11:54 |
Louis Bouchard |
suricata (Ubuntu Vivid): status |
Triaged |
Won't Fix |
|
