Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Snort Inline incompatible libipq???

From: Tomas Heredia <tomas.heredia () activesec biz>
Date: Wed, 22 Sep 2010 09:08:51 -0300
 El 22/09/2010 08:54 a.m., Tomas Heredia escribió:

I can´t try it right now, but if I recall right, nfnetlink_queue and
ip_queue do the same thing, and shouldn´t be loaded together..
Try unloading ip_queue (but keeping nfnetlink_queue)

Mmmm.. Snort links to libipq... and to use nfnetlink queue, yo shoud
link to libnfnetlink_queue instead...
Better try unloading nfnetlink_queue, nfnetlink and XT_NFQUEUE, and then
loading  ip_queue alone

HTH!




El 21/09/2010 04:47 p.m., spiderslack escribió:

On 09/21/2010 03:34 PM, Tomas Heredia wrote:

That gave me a hint... I'm recalling from past failures :-)
did you "modprobe ip_queue"?
could you post  your "lsmod"?

Hi Tomas.

Following bellow

root@nascimento:~# lsmod
Module                  Size  Used by
nfnetlink_queue         8141  0
nfnetlink               4142  1 nfnetlink_queue
xt_NFQUEUE              2344  0
*ip_queue*                6324  0
xt_tcpudp               2667  0
*iptable_filter  *        2791  0
ip_tables              18358  1 iptable_filter
x_tables               22429  3 xt_NFQUEUE,xt_tcpudp,ip_tables
bridge                 53152  0
stp                     2171  1 bridge
fbcon                  39270  71
tileblit                2487  1 fbcon
font                    8053  1 fbcon
bitblit                 5811  1 fbcon
softcursor              1565  1 bitblit
vga16fb                12757  1
vgastate                9857  1 vga16fb
radeon                739595  0
ttm                    60815  1 radeon
drm_kms_helper         30710  1 radeon
ipmi_si                41065  0
ipmi_msghandler        36955  1 ipmi_si
lp                      9336  0
parport                37160  1 lp
drm                   198226  3 radeon,ttm,drm_kms_helper
i2c_algo_bit            6024  1 radeon
hpilo                   7985  0
i3000_edac              3679  0
psmouse                64608  0
serio_raw               4950  0
shpchp                 33679  0
edac_core              45423  3 i3000_edac
usbhid                 40988  0
hid                    83376  1 usbhid
tg3                   122350  0
root@nascimento:~#


This module ip_queue is loaded.

Regards.





------------------------------------------------------------------------------
Start uncovering the many advantages of virtual appliances
and start using them to simplify application deployment and
accelerate your shift to cloud computing.
http://p.sf.net/sfu/novell-sfdev2dev
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: