Snort mailing list archives

RE: Snort Inline - ip_queue dies


From: "Slighter, Tim" <tslighter () itc nrcs usda gov>
Date: Tue, 11 Mar 2003 07:37:59 -0700

Hate to drag you over the coals, but need a few more answers.  You have the
normal build of snort-1.9.0 on your system right?  And then you compiled
snort-inline.tgz on top of that right?  You also successfully built the
iptables-1.2.7a from netfilter?  Providing all of that has been done.
Wherever you "--prefix" snort-inline to...there will be a binary for
snort-inline.  Traditionally this binary will be in
/usr/local/snort/bin...this is the binary that you must use when running
snort-inline...otherwise you are using the normal snort binary and that will
not work.  In your command line, try and run the snort-inline binary in
daemon mode as well:

/usr/local/bin/snort -D -d -v -c /etc/snort/snort.conf -Q -i ppp0 -l /var/log/snort/Mar_10/

-----Original Message-----
From: Jochen Vogel [mailto:jvogel () it-sec de]
Sent: Tuesday, March 11, 2003 1:44 AM
To: 'Slighter, Tim'; snort-users () sourceforge net
Subject: AW: [Snort-users] Snort Inline - ip_queue dies


hi,

i use:
-minimal RedHat8.0 with all updates
-iptables1.2.7a 
-snort_inline1.9.0 (1.9.1 wouldn't compile)

-i used a kernel with ip_queue as module and did a modprobe ip_queue
-at the moment i use a kernel with the ip_queue in it

both kernel same failure
snort_inline works till the moment of the segmentation fault

thx for help
jo 

-----Original Message-----
From: Slighter, Tim [mailto:tslighter () itc nrcs usda gov]
Sent: Monday, 10 March 2003 19:27
To: 'Jochen Vogel'; snort-users () sourceforge net
Subject: RE: [Snort-users] Snort Inline - ip_queue dies


did you verify that the mod exists for ip_queue?  "lsmod | grep ip_queue" or
just "lsmod" ??  if not, what I did to work around that is add that part
into the inline script or the snortd script near the top...../sbin/modprobe
ip_queue




-----Original Message-----
From: Jochen Vogel [mailto:jvogel () it-sec de]
Sent: Monday, March 10, 2003 9:40 AM
To: snort-users () sourceforge net
Subject: AW: [Snort-users] Snort Inline - ip_queue dies


if i start snort not as daemon

/usr/local/bin/snort -d -v -c /etc/snort/snort.conf -Q -i ppp0 -l
/var/log/snort/Mar_10/

i get a "segmentation fault" at the same moment i get the ip_queue failure


-----Original Message-----
From: Jochen Vogel [mailto:jvogel () it-sec de]
Sent: Monday, 10 March 2003 12:09
To: snort-users () sourceforge net
Subject: [Snort-users] Snort Inline - ip_queue dies


hi,

i installed snort inline 1.9.0beta2
1.9.1 wouldn't compile at the moment.
ip_queue is a module started with the iptables script

snort inline is working well, but sometimes i get the syslog
"snolin kernel: ip_queue: peer 6329 died, resetting state and flushing queue"
after this message the snort daemon doesn't exist anymore.

thx for help
jo



_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
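
Added example (not part of the original thread and not Snort project code): detection logic that scans syslog for the kernel message quoted above and flags hosts where the ip_queue reader dies repeatedly. The function names, the BSD syslog prefix, the ten-minute window and every sample line except the quoted kernel message text are assumptions constructed for illustration.

```python
import re
from datetime import datetime, timedelta

# Kernel message quoted in the thread, behind an assumed BSD syslog prefix.
PEER_DIED = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) kernel: "
    r"ip_queue: peer (?P<pid>\d+) died, resetting state and flushing queue"
)

def find_peer_deaths(lines, year=2003):
    """Return a (time, host, pid) tuple for every 'peer died' line."""
    events = []
    for line in lines:
        m = PEER_DIED.match(line)
        if not m:
            continue
        # BSD syslog omits the year, so the caller supplies it.
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        events.append((ts, m["host"], int(m["pid"])))
    return events

def crash_loops(events, window=timedelta(minutes=10), threshold=2):
    """Hosts whose queue reader died `threshold` or more times in `window`."""
    by_host = {}
    for ts, host, _pid in sorted(events):
        by_host.setdefault(host, []).append(ts)
    flagged = []
    for host, times in by_host.items():
        # Slide over consecutive deaths; one dense run is enough to flag.
        for i in range(len(times) - threshold + 1):
            if times[i + threshold - 1] - times[i] <= window:
                flagged.append(host)
                break
    return flagged

# Constructed sample input; only the kernel message text comes from the thread.
SAMPLE_LOG = [
    "Mar 10 12:01:33 snolin kernel: ip_queue: peer 6329 died, resetting state and flushing queue",
    "Mar 10 12:01:40 snolin pppd[812]: constructed unrelated line",
    "Mar 10 12:07:02 snolin kernel: ip_queue: peer 6411 died, resetting state and flushing queue",
    "Mar  9 03:15:00 gw2 kernel: ip_queue: peer 1200 died, resetting state and flushing queue",
]

if __name__ == "__main__":
    deaths = find_peer_deaths(SAMPLE_LOG)
    for ts, host, pid in deaths:
        print(f"{ts:%Y-%m-%d %H:%M:%S} {host}: ip_queue reader pid {pid} died")
    print("repeated deaths:", crash_loops(deaths))
```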


