Snort mailing list archives

AW: Snort Inline - ip_queue dies


From: Jochen Vogel <jvogel () it-sec de>
Date: Wed, 12 Mar 2003 09:25:27 +0100

hi,

i did the following

-installed RedHat8.0 minimal
-updated all packages over RHN
-get kernel-2.4.18-26.8.0 from RHN
-installed patch-o-matic-20030107
-installed iptables-1.2.7a
-compiled 2 kernels (1 with ip_queue as module and 1 with ip_queue in the
kernel)
-compiled snort-inline1.9.0 with --enable-inline

------------------------------------------------------------

snort-inline1.9.0 would compile and work well for a few minutes till i get
a segmentation fault

snort-inline1.9.1 wouldn't compile because of a problem with libnet

------------------------------------------------------------

i saw that the ./configure from 1.9.1 checks for libnet 1.0.x. 1.9.0 didn't
check the libnet version. i use libnet.h in version 1.1.1.1.

thx for help
jo





-----Original Message-----
From: Slighter, Tim [mailto:tslighter () itc nrcs usda gov]
Sent: Tuesday, 11 March 2003 15:38linux-2.4.18-26.8.0
To: 'Jochen Vogel'
Cc: 'snort-users () sourceforge net'
Subject: RE: [Snort-users] Snort Inline - ip_queue dies


Hate to drag you over the coals, but need a few more answers.  You have the
normal build of snort-1.9.0 on your system right?  And then you compiled
snort-inline.tgz on top of that right?  You also successfully built the
iptables-1.2.7a from netfilter?  Providing all of that has been done.
Wherever you "--prefix" snort-inline to...there will be a binary for
snort-inline.  Traditionally this binary will be in
/usr/local/snort/bin...this is the binary that you must use when running
snort-inline...otherwise you are using the normal snort binary and that will
not work.  In your command line, try and run the snort-inline binary in
daemon mode as well:

/usr/local/bin/snort -D -d -v -c /etc/snort/snort.conf -Q -i ppp0 -l /var/log/snort/Mar_10/

-----Original Message-----
From: Jochen Vogel [mailto:jvogel () it-sec de]
Sent: Tuesday, March 11, 2003 1:44 AM
To: 'Slighter, Tim'; snort-users () sourceforge net
Subject: AW: [Snort-users] Snort Inline - ip_queue dies


hi,

i use:
-minimal RedHat8.0 with all updates
-iptables1.2.7a 
-snort_inline1.9.0 (1.9.1 wouldn't compile)

-i used a kernel with ip_queue as module and did a modprobe ip_queue
-at the moment i use a kernel with the ip_queue in it

both kernel same failure
snort_inline works till the moment of the segmentation fault

thx for help
jo 

-----Original Message-----
From: Slighter, Tim [mailto:tslighter () itc nrcs usda gov]
Sent: Monday, 10 March 2003 19:27
To: 'Jochen Vogel'; snort-users () sourceforge net
Subject: RE: [Snort-users] Snort Inline - ip_queue dies


did you verify that the mod exists for ip_queue?  "lsmod | grep ip_queue" or
just "lsmod" ??  if not, what I did to work around that is add that part
into the inline script or the snortd script near the top...../sbin/modprobe
ip_queue




-----Original Message-----
From: Jochen Vogel [mailto:jvogel () it-sec de]
Sent: Monday, March 10, 2003 9:40 AM
To: snort-users () sourceforge net
Subject: AW: [Snort-users] Snort Inline - ip_queue dies


if i start snort not as daemon

/usr/local/bin/snort -d -v -c /etc/snort/snort.conf -Q -i ppp0 -l /var/log/snort/Mar_10/

i get a "segmentation fault" at the same moment i get the ip_queue failure


-----Original Message-----
From: Jochen Vogel [mailto:jvogel () it-sec de]
Sent: Monday, 10 March 2003 12:09
To: snort-users () sourceforge net
Subject: [Snort-users] Snort Inline - ip_queue dies


hi,

i installed snort inline 1.9.0beta2
1.9.1 wouldn't compile at the moment.
ip_queue is a module started with the iptables script

snort inline is working well, but sometimes i get the syslog
"snolin kernel: ip_queue: peer 6329 died, resetting state and flushing queue"
after this message the snort daemon doesn't exist anymore.

thx for help
jo



-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
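
Added example, not part of the original thread: a shell check for the two conditions discussed above, whether ip_queue shows up as a loaded module and whether syslog carries the "peer ... died" message that marks the death of the process bound to the queue. The function names and both sample inputs are constructed for illustration; only the syslog message text comes from the thread.

```shell
#!/bin/sh
# Constructed sample syslog lines; the second mirrors the message quoted in the thread.
SAMPLE_LOG='Mar 10 11:58:02 snolin kernel: ip_tables: (C) 2000-2002 Netfilter core team
Mar 10 12:03:41 snolin kernel: ip_queue: peer 6329 died, resetting state and flushing queue
Mar 10 12:04:10 snolin pppd[812]: rcvd [LCP EchoReq id=0x4]'

# Constructed sample of /proc/modules-style text (module name is the first field).
SAMPLE_MODULES='ip_queue 9252 0
ip_tables 14936 2'

# Read syslog text on stdin; print the PID of every queue listener
# the kernel reported as dead, one per line.
dead_queue_peers() {
    sed -n 's/.*kernel: ip_queue: peer \([0-9][0-9]*\) died.*/\1/p'
}

# Read /proc/modules-style text on stdin; succeed only if ip_queue is listed.
# A kernel with ip_queue compiled in will not list it, so skip this check there.
queue_module_loaded() {
    awk '$1 == "ip_queue" { found = 1 } END { exit !found }'
}

# $1 = modules text, $2 = syslog text.
# Prints "no-module", "listener-died:<pid>" (most recent), or "ok".
inline_status() {
    if ! printf '%s\n' "$1" | queue_module_loaded; then
        echo "no-module"
        return 1
    fi
    pid=$(printf '%s\n' "$2" | dead_queue_peers | tail -n 1)
    if [ -n "$pid" ]; then
        # With no process bound to the queue, packets sent to the
        # QUEUE target are dropped, so this state needs an alert.
        echo "listener-died:$pid"
        return 2
    fi
    echo "ok"
}

# Demo on the constructed samples; on a live host pass the contents of
# /proc/modules and the relevant syslog file instead.
inline_status "$SAMPLE_MODULES" "$SAMPLE_LOG" || true
```
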








