Snort mailing list archives

Normalizations are not applied using divert sockets


From: "C. L. Martinez via Snort-users" <snort-users () lists snort org>
Date: Sat, 30 Dec 2017 18:30:18 +0100

Hi all,

 I have installed Snort under an OpenBSD VM to do some tests and I have configured divert sockets to use Snort as an IPS. I have configured the following under Snort:

config policy_mode: inline
config daq: ipfw
config daq_dir: /usr/local/lib/daq/
config daq_mode: inline
config daq_var: port=9000

 ... and I have adjusted my PF rules. But when snort starts up, the following warning appears:

Dec 30 17:23:07 highlands snort[29952]: WARNING: ip4 normalizations disabled because not inline.
Dec 30 17:23:07 highlands snort[29952]: WARNING: tcp normalizations disabled because not inline.
Dec 30 17:23:07 highlands snort[29952]: WARNING: icmp4 normalizations disabled because not inline.
Dec 30 17:23:07 highlands snort[29952]: WARNING: ip6 normalizations disabled because not inline.
Dec 30 17:23:07 highlands snort[29952]: WARNING: icmp6 normalizations disabled because not inline.

 Do I need to pass -Q to snort or is it a bug? Snort release is 2.9.9.0 (released as a port for OpenBSD 6.2)...

Thanks
-- 
Greetings,
C. L. Martinez