Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Re: DAQ 2.0.2, NFQ - DAQ error when trying to start snort

From: Peter Fyon <peter.fyon () gmail com>
Date: Sat, 4 Oct 2014 10:42:40 -0400
Thanks Hui,

I removed the -i eth0 from my snort command line options and it started
without the warning. Not quite sure why the DAQ fails to load if you
specify an interface for snort since, as I found by commenting out that
chunk of code, it looks like the DAQ options override the snort ones.

Peter

On Tue, Sep 30, 2014 at 2:52 PM, Hui Cao (huica) <huica () cisco com> wrote:


 Hi Peter,

 The code is to check whether you have configured the interface.  NFQ
will not allow interface. So I guess you have specified interface in your
configuration.

 Best,
Hui.

  From: Peter Fyon <peter.fyon () gmail com>
Date: Sunday, September 28, 2014 at 3:09 PM
To: "snort-devel () lists sourceforge net" <snort-devel () lists sourceforge net



Subject: [Snort-devel] DAQ 2.0.2, NFQ - DAQ error when trying to start
snort

  Hi Snort-devel,

 While trying to enable active defense on my snort setup (single
interface on a SPAN port), I ran into this error:

 The nfq DAQ module does not support interface or readback mode!

 My C's a bit rusty, but looking at the code (see diff at the bottom) it
seems like it just checks to see if the DAQ_Config_t name is set and fails
out if so. I can't see the commit log so I don't know why this block of
code was added, but everything works fine after commenting it out and
recompiling. Did I just work around something that I shouldn't have?

 daq_nfq.c
 200,204c200,204
  <     if(cfg->name && *(cfg->name))
<     {
<         snprintf(errBuf, errMax, "The nfq DAQ module does not support
interface or readback mode!");
<         return DAQ_ERROR_INVAL;
<     }
---

//    if(cfg->name && *(cfg->name))
//    {
//        snprintf(errBuf, errMax, "The nfq DAQ module does not support

interface or readback mode!");

//        return DAQ_ERROR_INVAL;
//    }



 Peter


------------------------------------------------------------------------------
Meet PCI DSS 3.0 Compliance Requirements with EventLog Analyzer
Achieve PCI DSS 3.0 Compliant Status with Out-of-the-box PCI DSS Reports
Are you Audit-Ready for PCI DSS 3.0 Compliance? Download White paper
Comply to PCI DSS 3.0 Requirement 10 and 11.5 with EventLog Analyzer
http://pubads.g.doubleclick.net/gampad/clk?id=154622311&iu=/4140/ostg.clktrk
_______________________________________________
Snort-devel mailing list
Snort-devel () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-devel
Archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-devel

Please visit http://blog.snort.org for the latest news about Snort!
Previous By Date Next
Previous By Thread Next

Current thread: