Snort mailing list archives
Re: [Snort-announce] run snort on GRE tunnel interface?
From: Martin Roesch <roesch () sourcefire com>
Date: Tue, 26 Jun 2001 16:35:19 -0400
Snort doesn't support GRE decoding yet, so it won't run on a GRE interface. The segfault is incidental to the shutdown process, something we have to clean up, but even if we cleaned that up it wouldn't run. I've been planning on adding GRE decoding for a while, but if you want/need it before I get to it, adding decoders to Snort isn't especially hard. If you want to take a shot at it, feel free (and also feel free to ask any questions you might have about the process). -Marty Andreas Dembach wrote:
Hi, snort version 1.7 SEGFAULTS if told to listen on a GRE tunnel interface: ----------------------- # snort -h xx.xx.xx.xx/24 -c /etc/snort/snort.conf -S"HOME_NET=xx.xx.xx.xx/24" -l /var/log/snort -b -d -u snort -g snort -s -i gre0 Initializing Network Interface gre0 Warning: arptype 778 not supported by libpcap - falling back to cooked socket snort cannot handle data link type 113 Exiting... Segmentation fault # ------------------------------- Is this a snort problem or one of libpcap? tcpdump complains (but works anyway):Warning: arptype 778 not supported by libpcap - falling back to cookedsockettcpdump: listening on gre0Im am running on linux with a 2.2.17 kernel and libpcap0 0.6.2-1 Any ideas or comments? Andreas Dembach _______________________________________________ Snort-announce mailing list Snort-announce () lists sourceforge net http://lists.sourceforge.net/lists/listinfo/snort-announce
-- Martin Roesch roesch () sourcefire com http://www.sourcefire.com - http://www.snort.org _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: http://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Re: [Snort-announce] run snort on GRE tunnel interface? Martin Roesch (Jun 26)