Comment 0 for bug 1250439

Javier Bahillo (jbahillo) wrote :

Suricata on newer kernels (3.5 and later) will complain like this:

 * NFQUEUE support not found !
 * Please ensure the nfnetlink_queue module is loaded or built in kernel

although nfnetlink_queue is loaded:

lsmod | grep nfnetlink_queue
nfnetlink_queue 17557 3
nfnetlink 13983 5 nf_conntrack_netlink,nfnetlink_queue

This happens because /etc/init.d/suricata does this check:

check_nfqueue() {
    if [ ! -e /proc/net/netfilter/nf_queue ]; then
        log_failure_msg "NFQUEUE support not found !"
        log_failure_msg "Please ensure the nfnetlink_queue module is loaded or built in kernel"
        exit 5
    fi
}

Nevertheless this only works in pre-3.5 kernels, as newer kernels have suppressed ip_queue in favour of libnetfilter_queue.

Thus the script should check that neither /proc/net/netfilter/nf_queue nor /proc/net/netfilter/nfnetlink_queue exists.
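A corrected check along the lines proposed in this comment, added here as an example and not code from the Suricata package or its init script; the NETFILTER_PROC variable and the optional directory argument are assumptions so the function can be exercised against a constructed directory rather than the live /proc:

```shell
#!/bin/sh
# Added example: accept either the old ip_queue interface
# (/proc/net/netfilter/nf_queue) or the newer nfnetlink_queue one.
# NETFILTER_PROC is an assumed override, not something the init script has,
# so the logic can be tested against a constructed directory.
NETFILTER_PROC="${NETFILTER_PROC:-/proc/net/netfilter}"

# Fall back to stderr when the LSB helper is not sourced.
command -v log_failure_msg >/dev/null 2>&1 || log_failure_msg() { echo "$*" >&2; }

# Return 0 when an NFQUEUE interface is present, 1 when neither file exists.
# $1 (optional) is the directory to inspect; defaults to NETFILTER_PROC.
has_nfqueue_support() {
    dir="${1:-$NETFILTER_PROC}"
    if [ -e "$dir/nf_queue" ] || [ -e "$dir/nfnetlink_queue" ]; then
        return 0
    fi
    return 1
}

# Replacement for the init script's check: fail (exit 5) only when
# neither the pre-3.5 nor the post-3.5 interface exists.
check_nfqueue() {
    if ! has_nfqueue_support "$1"; then
        log_failure_msg "NFQUEUE support not found !"
        log_failure_msg "Please ensure the nfnetlink_queue module is loaded or built in kernel"
        exit 5
    fi
}

# Non-fatal report against the live directory when run directly.
if has_nfqueue_support; then
    echo "NFQUEUE interface present in $NETFILTER_PROC"
else
    echo "no NFQUEUE interface found in $NETFILTER_PROC" >&2
fi
```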