Snort mailing list archives

Re: buglet in daq afpacket

From: Russ Combs <rcombs () sourcefire com>
Date: Thu, 28 Apr 2011 11:00:17 -0400

This is actually working as intended.

In test mode, Snort won't try to determine the interface automatically to
avoid requiring higher privileges.  However, if you specify DAQ options in
test mode, those will be validated as well and that means you will need to
specify an interface depending on DAQ.

On Thu, Apr 14, 2011 at 6:31 PM, Russ Combs <rcombs () sourcefire com> wrote:

OK - it is supposed to validate the DAQ as well when that is explicitly
configured.

However, not it should have defaulted to eth0 so there should be no need
for the -i.

I'll have a look.

On Thu, Apr 14, 2011 at 5:37 PM, Jason Haar <Jason.Haar () trimble co nz>wrote:

Hi there

If you call snort-2.9.0.5 with the "-T" option to test the config, you
get an error with afpacket that you don't get when you don't have any
daq detail in the config.

Namely, "snort -T -c file.conf" works fine when daq isn't mentioned, but
errors with:

ERROR: Can't initialize DAQ afpacket (-1) - afpacket_daq_initialize:
Invalid interface specification: ''!

...when you call it with "config daq: afpacket"

It can be fixed by calling "-T" with an interface (eg "-i eth0"), but
that isn't needed when daq isn't mentioned...

--
Cheers

Jason Haar
Information Security Manager, Trimble Navigation Ltd.
Phone: +64 3 9635 377 Fax: +64 3 9635 417
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1



------------------------------------------------------------------------------
Benefiting from Server Virtualization: Beyond Initial Workload
Consolidation -- Increasing the use of server virtualization is a top
priority.Virtualization can reduce costs, simplify management, and improve
application availability and disaster protection. Learn more about
boosting
the value of server virtualization. http://p.sf.net/sfu/vmware-sfdev2dev
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

------------------------------------------------------------------------------
WhatsUp Gold - Download Free Network Management Software
The most intuitive, comprehensive, and cost-effective network 
management toolset available today.  Delivers lowest initial 
acquisition cost and overall TCO of any competing solution.
http://p.sf.net/sfu/whatsupgold-sd

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

buglet in daq afpacket Jason Haar (Apr 14)
- Re: buglet in daq afpacket Joel Esler (Apr 14)
- Re: buglet in daq afpacket Russ Combs (Apr 14)
  - Re: buglet in daq afpacket Russ Combs (Apr 28)