Snort mailing list archives
Re: Snort 2.9, RHEL 5 and afpacket DAQ
From: beenph <beenph () gmail com>
Date: Mon, 18 Oct 2010 15:22:52 -0400
My be would be that your kernel does not have built-in support for mmapped socket_io (which is built-in since 2.6.34ishh) if i remember.. What is your kernel version? -elz On Mon, Oct 18, 2010 at 2:28 PM, Ralf Spenneberg <ralf () spenneberg de> wrote:
Hi, I am playing around with Snort 2.9.0 on RHEL 5. Using the DAQ libraries with libpcap works fine. But the afpacket daq module always bails on loading: # snort --daq afpacket Running in packet dump mode --== Initializing Snort ==-- Initializing Output Plugins! afpacket DAQ configured to passive. Acquiring network traffic from "eth0". --== Initialization Complete ==-- ,,_ -*> Snort! <*- o" )~ Version 2.9.0 (Build 68) '''' By Martin Roesch & The Snort Team: http://www.snort.org/snort/snort-team Copyright (C) 1998-2010 Sourcefire, Inc., et al. Using libpcap version 1.1.1 Using PCRE version: 6.6 06-Feb-2006 Commencing packet processing (pid=3329) Decoding Ethernet ERROR: Can't start DAQ (-1) - create_rx_ring: Couldn't create kernel RX ring on packet socket: Cannot allocate memory! Fatal Error, Quitting.. It works fine on Fedora 13. I have searched the mailing lists but have not found any clue. Does the kernel on RHEL 5 (2.6.18) not provide the necessary interface? It would be fine if stated in the README or FAQ but I have not found anything. Any hints, clues, advices? Kind regards, Ralf ------------------------------------------------------------------------------ Download new Adobe(R) Flash(R) Builder(TM) 4 The new Adobe(R) Flex(R) 4 and Flash(R) Builder(TM) 4 (formerly Flex(R) Builder(TM)) enable the development of rich applications that run across multiple browsers and platforms. Download your free trials today! http://p.sf.net/sfu/adobe-dev2dev _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
------------------------------------------------------------------------------ Download new Adobe(R) Flash(R) Builder(TM) 4 The new Adobe(R) Flex(R) 4 and Flash(R) Builder(TM) 4 (formerly Flex(R) Builder(TM)) enable the development of rich applications that run across multiple browsers and platforms. Download your free trials today! http://p.sf.net/sfu/adobe-dev2dev _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Snort 2.9, RHEL 5 and afpacket DAQ Ralf Spenneberg (Oct 18)
- Re: Snort 2.9, RHEL 5 and afpacket DAQ beenph (Oct 18)
- Re: Snort 2.9, RHEL 5 and afpacket DAQ Russ Combs (Oct 18)
- Re: Snort 2.9, RHEL 5 and afpacket DAQ Ralf Spenneberg (Oct 18)
- Re: Snort 2.9, RHEL 5 and afpacket DAQ Michael Altizer (Oct 18)
- Re: Snort 2.9, RHEL 5 and afpacket DAQ Ralf Spenneberg (Oct 19)
- Re: Snort 2.9, RHEL 5 and afpacket DAQ Ralf Spenneberg (Oct 20)
- Re: Snort 2.9, RHEL 5 and afpacket DAQ Michael Altizer (Oct 20)
- Re: Snort 2.9, RHEL 5 and afpacket DAQ Russ Combs (Oct 18)
- Re: Snort 2.9, RHEL 5 and afpacket DAQ beenph (Oct 18)
- <Possible follow-ups>
- Re: Snort 2.9, RHEL 5 and afpacket DAQ Rich Graves (Oct 20)
- Re: Snort 2.9, RHEL 5 and afpacket DAQ Eoin Miller (Oct 20)
- Re: Snort 2.9, RHEL 5 and afpacket DAQ Mike Lococo (Oct 20)
- Re: Snort 2.9, RHEL 5 and afpacket DAQ beenph (Oct 20)
- Re: Snort 2.9, RHEL 5 and afpacket DAQ Eoin Miller (Oct 20)