Snort mailing list archives
Re: Problems Enabling IPQ and NFQ
From: MMartin () jwpepper com
Date: Fri, 7 Mar 2014 18:01:20 -0500
All, So I've checked and double checked and I do have the modules installed, as you can see below... Is it possible the ones I have installed are too new? I'm running out of ideas... Here's my most recent configure command: ./configure --enable-ipq-module --enable-nfq-module --prefix=/usr --libdir=/lib64 --includedir=/include checking libipq.h usability... no checking libipq.h presence... no checking for libipq.h... no checking for linux/netfilter.h... yes checking for netinet/in.h... (cached) yes checking libnetfilter_queue/libnetfilter_queue.h usability... no checking libnetfilter_queue/libnetfilter_queue.h presence... no checking for libnetfilter_queue/libnetfilter_queue.h... no :............................................................ :........................blah blah................. :............................................................ Build AFPacket DAQ module.. : yes Build Dump DAQ module...... : yes Build IPFW DAQ module...... : yes Build IPQ DAQ module....... : no Build NFQ DAQ module....... : no Build PCAP DAQ module...... : yes ######################################################## Here are searches for the Modules: snortIDS:/ # find ./ -iname "libnetfilter_queue*" /usr/include/libnetfilter_queue-1.0.2 /usr/include/libnetfilter_queue-1.0.2/libnetfilter_queue /usr/include/libnetfilter_queue-1.0.2/libnetfilter_queue/libnetfilter_queue_tcp.h /usr/include/libnetfilter_queue-1.0.2/libnetfilter_queue/libnetfilter_queue_udp.h /usr/include/libnetfilter_queue-1.0.2/libnetfilter_queue/libnetfilter_queue.h /usr/include/libnetfilter_queue-1.0.2/libnetfilter_queue/libnetfilter_queue_ipv4.h /usr/include/libnetfilter_queue-1.0.2/libnetfilter_queue/libnetfilter_queue_ipv6.h /usr/lib64/pkgconfig/libnetfilter_queue.pc /usr/lib64/libnetfilter_queue.so.1.3.0 /usr/lib64/libnetfilter_queue.so /usr/lib64/libnetfilter_queue.so.1 /usr/lib/libnetfilter_queue.so.1.3.0 /usr/lib/libnetfilter_queue.so.1 ------------------------------------------------------------------------------ snortIDS:/ # find ./ -iname "libnf*" /usr/include/libnfnetlink-1.0.1 /usr/include/libnfnetlink-1.0.1/libnfnetlink /usr/include/libnfnetlink-1.0.1/libnfnetlink/libnfnetlink.h /usr/share/doc/packages/libnfnetlink0 /usr/lib64/libnfnetlink.so.0 /usr/lib64/pkgconfig/libnfnetlink.pc /usr/lib64/libnfsidmap.so.0.3.0 /usr/lib64/libnfnetlink.so.0.2.0 /usr/lib64/libnfsidmap.so.0 /usr/lib64/libnfsidmap /usr/lib64/libnfnetlink.so /usr/lib/libnfnetlink.so.0 /usr/lib/libnfnetlink.so.0.2.0 ------------------------------------------------------------------------------ snortIDS:/ # find ./ -iname "*ipq*" /usr/include/libipq.h /usr/include/iptables-1.4.16.3/libipq.h /usr/local/src/daq-2.0.2/os-daq-modules/daq_ipq.c /usr/local/src/daq-2.0.2/os-daq-modules/.deps/libdaq_static_modules_la-daq_ipq.Plo /usr/local/src/daq-2.0.2/os-daq-modules/.deps/daq_ipq_la-daq_ipq.Plo /usr/local/lib64/daq/daq_ipq.so /usr/local/lib64/daq/libipq.so /usr/local/lib64/libipq.so.0 /usr/local/lib64/libipq.so /usr/local/lib64/libipq.so.0.0.0 /usr/share/man/man3/ipq_errstr.3.gz /usr/share/man/man3/ipq_set_verdict.3.gz /usr/share/man/man3/ipq_message_type.3.gz /usr/share/man/man3/ipq_read.3.gz /usr/share/man/man3/ipq_get_msgerr.3.gz /usr/share/man/man3/ipq_set_mode.3.gz /usr/share/man/man3/libipq.3.gz /usr/share/man/man3/ipq_perror.3.gz /usr/share/man/man3/ipq_destroy_handle.3.gz /usr/share/man/man3/ipq_create_handle.3.gz /usr/share/man/man3/ipq_get_packet.3.gz /usr/lib64/pkgconfig/libipq.pc /usr/lib64/libipq.so.0 /usr/lib64/libipq.so /usr/lib64/libipq.so.0.0.0 Looks like I have everything... Why does configure not find IPQ and NFQ?? Any ideas what could possibly be going on here? Thanks in Advance, Matt So I used the zypper command and searched for the libnetfilter and I have the following packages installed, see below... The packages listed below that are preceeded with an 'i' are installed... Do I have the correct ones? I'm running on 64-bit so I didn't download the ones labeled with 32 bit. # zypper search libnetfilter Loading repository data... Reading installed packages... --+--------------------------------------------- i | libnetfilter_acct-devel i | libnetfilter_acct1 | libnetfilter_acct1-32bit i | libnetfilter_conntrack-devel i | libnetfilter_conntrack3 | libnetfilter_conntrack3-32bit i | libnetfilter_cthelper-devel i | libnetfilter_cthelper0 | libnetfilter_cthelper0-32bit i | libnetfilter_cttimeout-devel i | libnetfilter_cttimeout1 | libnetfilter_cttimeout1-32bit i | libnetfilter_log-devel i | libnetfilter_log1 | libnetfilter_log1-32bit i | libnetfilter_queue-devel i | libnetfilter_queue1 | libnetfilter_queue1-32bit # zypper search libnfnetlink Loading repository data... Reading installed packages... S | Name --+----------------------------- i | libnfnetlink-devel i | libnfnetlink0 i | libnfnetlink0-32bit Those are the correct packages, right? I also searched on my machine for libipq and found the following (*I searched within the /usr dir...): snortIDS:/usr # find ./ -iname "*ipq*" ./include/iptables-1.4.16.3/libipq.h ./local/src/daq-2.0.2/os-daq-modules/daq_ipq.c ./local/src/daq-2.0.2/os-daq-modules/.deps/libdaq_static_modules_la-daq_ipq.Plo ./local/src/daq-2.0.2/os-daq-modules/.deps/daq_ipq_la-daq_ipq.Plo ./local/lib64/daq/daq_ipq.so ./local/lib64/daq/libipq.so ./local/lib64/libipq.so.0 ./local/lib64/libipq.so ./local/lib64/libipq.so.0.0.0 ./lib64/pkgconfig/libipq.pc ./lib64/libipq.so.0 ./lib64/libipq.so ./lib64/libipq.so.0.0.0 I feel like I do have everything and maybe DAQ just isn't finding it...? Thanks Again, Matt ------------------------------------------------------------------------------ Subversion Kills Productivity. Get off Subversion & Make the Move to Perforce. With Perforce, you get hassle-free workflows. Merge that actually works. Faster operations. Version large binaries. Built-in WAN optimization and the freedom to use Git, Perforce or both. Make the move to Perforce. http://pubads.g.doubleclick.net/gampad/clk?id=122218951&iu=/4140/ostg.clktrk _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!
------------------------------------------------------------------------------ Subversion Kills Productivity. Get off Subversion & Make the Move to Perforce. With Perforce, you get hassle-free workflows. Merge that actually works. Faster operations. Version large binaries. Built-in WAN optimization and the freedom to use Git, Perforce or both. Make the move to Perforce. http://pubads.g.doubleclick.net/gampad/clk?id=122218951&iu=/4140/ostg.clktrk
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!
Current thread:
- Problems Enabling IPQ and NFQ MMartin (Mar 07)
- Re: Problems Enabling IPQ and NFQ Y M (Mar 07)
- Re: Problems Enabling IPQ and NFQ Hui cao (Mar 07)
- Re: Problems Enabling IPQ and NFQ MMartin (Mar 07)
- Re: Problems Enabling IPQ and NFQ MMartin (Mar 07)
- Re: Problems Enabling IPQ and NFQ James Lay (Mar 07)
- Re: Problems Enabling IPQ and NFQ MMartin (Mar 11)
- Re: Problems Enabling IPQ and NFQ MMartin (Mar 07)
- <Possible follow-ups>
- Re: Problems Enabling IPQ and NFQ MMartin (Mar 07)
- Problems Enabling IPQ and NFQ MMartin (Mar 10)