Re: No bridging support with Daq?

[Jason Wallace <jason.r.wallace () gmail com>]

On Thu, Dec 16, 2010 at 3:37 PM, Russ Combs <rcombs () sourcefire com> wrote:
> On Thu, Dec 16, 2010 at 3:30 PM, Jason Wallace <jason.r.wallace () gmail com>
> wrote:
> > The issue with Gentoo and the IPQ and NFQ DAQs is that the current
> > ebuild for libdnet does not compile with PIC so we get relocation
> > errors when we try to build those DAQs. We need to get the libdnet
> > package maintainer to roll a package with the PIC USE flag before I
> > can add IPQ and NFQ support to the DAQ ebuild.
> >
> > If you use afpacket you shouldn't need to bridge should you? Isn't
> > that the point of assigning interface pairs?
> >
> > ./snort --daq afpacket -i eth0:eth1
> >
> > Rather than...
> >
> > ./snort --daq afpacket -i bond0
>
> Correct.  config daq_var: device=eth1:eth0 is not correct.

Did you mean is correct?

> NA please check the DAQ tarball README.
>
> You can run as shown above or with config interface: eth0:eth1.
>
> The afpacket DAQ takes care of the bridging.
>
>
> > Wally
> >
> >
> >
> > On Thu, Dec 16, 2010 at 2:31 PM, Russ Combs <rcombs () sourcefire com> wrote:
> > > Which DAQ are you using and how are you trying to configure it?
> > >
> > > Can you send your Snort command line and any config daq* items from your
> > > conf?
> > >
> > > On Thu, Dec 16, 2010 at 2:11 PM, NA <dustypath () comcast net> wrote:
> > > > I have a new Gentoo install with Snort 2.901, attempting inline mode. I
> > > > set up bridging but can not assign or pass the proper interface(s) to
> > > > Daq. It seems daq needs two interfaces to work with such as: eth0:eth1.
> > > > Since I am using bridging this throws an error, Snort ignores anything
> > > > I
> > > > pass to Daq, presumably because bridging is not supported.
> > > > Gentoo is limited right now as it only supports pcap, afpacket and dump
> > > > Daq types. Pcap will not do inline mode, afpacket is not working and
> > > > dump is not used inline (assumed), only for testing or forensics.
> > > > So, am I correct above, and if/when Gentoo supports NFQ will that
> > > > support bridging?
> > > > Thanks
> > > >
> > > >
> > > >
> > > > ------------------------------------------------------------------------------
> > > > Lotusphere 2011
> > > > Register now for Lotusphere 2011 and learn how
> > > > to connect the dots, take your collaborative environment
> > > > to the next level, and enter the era of Social Business.
> > > > http://p.sf.net/sfu/lotusphere-d2d
> > > > _______________________________________________
> > > > Snort-devel mailing list
> > > > Snort-devel () lists sourceforge net
> > > > https://lists.sourceforge.net/lists/listinfo/snort-devel
> > >
> > >
> > >
> > > ------------------------------------------------------------------------------
> > > Lotusphere 2011
> > > Register now for Lotusphere 2011 and learn how
> > > to connect the dots, take your collaborative environment
> > > to the next level, and enter the era of Social Business.
> > > http://p.sf.net/sfu/lotusphere-d2d
> > > _______________________________________________
> > > Snort-devel mailing list
> > > Snort-devel () lists sourceforge net
> > > https://lists.sourceforge.net/lists/listinfo/snort-devel

------------------------------------------------------------------------------
Lotusphere 2011
Register now for Lotusphere 2011 and learn how
to connect the dots, take your collaborative environment
to the next level, and enter the era of Social Business.
http://p.sf.net/sfu/lotusphere-d2d
_______________________________________________
Snort-devel mailing list
Snort-devel () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-devel