Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Re: DAQ 2.0.2, NFQ - DAQ error when trying to start snort

From: "Hui Cao (huica)" <huica () cisco com>
Date: Tue, 30 Sep 2014 18:52:52 +0000
Hi Peter,

The code is to check whether you have configured the interface.  NFQ will not allow interface. So I guess you have 
specified interface in your configuration.

Best,
Hui.

From: Peter Fyon <peter.fyon () gmail com<mailto:peter.fyon () gmail com>>
Date: Sunday, September 28, 2014 at 3:09 PM
To: "snort-devel () lists sourceforge net<mailto:snort-devel () lists sourceforge net>" <snort-devel () lists 
sourceforge net<mailto:snort-devel () lists sourceforge net>>
Subject: [Snort-devel] DAQ 2.0.2, NFQ - DAQ error when trying to start snort

Hi Snort-devel,

While trying to enable active defense on my snort setup (single interface on a SPAN port), I ran into this error:

The nfq DAQ module does not support interface or readback mode!

My C's a bit rusty, but looking at the code (see diff at the bottom) it seems like it just checks to see if the 
DAQ_Config_t name is set and fails out if so. I can't see the commit log so I don't know why this block of code was 
added, but everything works fine after commenting it out and recompiling. Did I just work around something that I 
shouldn't have?

daq_nfq.c
200,204c200,204
<     if(cfg->name && *(cfg->name))
<     {
<         snprintf(errBuf, errMax, "The nfq DAQ module does not support interface or readback mode!");
<         return DAQ_ERROR_INVAL;
<     }
---

//    if(cfg->name && *(cfg->name))
//    {
//        snprintf(errBuf, errMax, "The nfq DAQ module does not support interface or readback mode!");
//        return DAQ_ERROR_INVAL;
//    }



Peter

------------------------------------------------------------------------------
Meet PCI DSS 3.0 Compliance Requirements with EventLog Analyzer
Achieve PCI DSS 3.0 Compliant Status with Out-of-the-box PCI DSS Reports
Are you Audit-Ready for PCI DSS 3.0 Compliance? Download White paper
Comply to PCI DSS 3.0 Requirement 10 and 11.5 with EventLog Analyzer
http://pubads.g.doubleclick.net/gampad/clk?id=154622311&iu=/4140/ostg.clktrk
_______________________________________________
Snort-devel mailing list
Snort-devel () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-devel
Archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-devel

Please visit http://blog.snort.org for the latest news about Snort!
Previous By Date Next
Previous By Thread Next

Current thread: