Snort mailing list archives
Re: DAQ 2.0.2, NFQ - DAQ error when trying to start snort
From: "Hui Cao (huica)" <huica () cisco com>
Date: Tue, 30 Sep 2014 18:52:52 +0000
Hi Peter, The code is to check whether you have configured the interface. NFQ will not allow interface. So I guess you have specified interface in your configuration. Best, Hui. From: Peter Fyon <peter.fyon () gmail com<mailto:peter.fyon () gmail com>> Date: Sunday, September 28, 2014 at 3:09 PM To: "snort-devel () lists sourceforge net<mailto:snort-devel () lists sourceforge net>" <snort-devel () lists sourceforge net<mailto:snort-devel () lists sourceforge net>> Subject: [Snort-devel] DAQ 2.0.2, NFQ - DAQ error when trying to start snort Hi Snort-devel, While trying to enable active defense on my snort setup (single interface on a SPAN port), I ran into this error: The nfq DAQ module does not support interface or readback mode! My C's a bit rusty, but looking at the code (see diff at the bottom) it seems like it just checks to see if the DAQ_Config_t name is set and fails out if so. I can't see the commit log so I don't know why this block of code was added, but everything works fine after commenting it out and recompiling. Did I just work around something that I shouldn't have? daq_nfq.c 200,204c200,204 < if(cfg->name && *(cfg->name)) < { < snprintf(errBuf, errMax, "The nfq DAQ module does not support interface or readback mode!"); < return DAQ_ERROR_INVAL; < } ---
// if(cfg->name && *(cfg->name)) // { // snprintf(errBuf, errMax, "The nfq DAQ module does not support interface or readback mode!"); // return DAQ_ERROR_INVAL; // }
Peter
------------------------------------------------------------------------------ Meet PCI DSS 3.0 Compliance Requirements with EventLog Analyzer Achieve PCI DSS 3.0 Compliant Status with Out-of-the-box PCI DSS Reports Are you Audit-Ready for PCI DSS 3.0 Compliance? Download White paper Comply to PCI DSS 3.0 Requirement 10 and 11.5 with EventLog Analyzer http://pubads.g.doubleclick.net/gampad/clk?id=154622311&iu=/4140/ostg.clktrk
_______________________________________________ Snort-devel mailing list Snort-devel () lists sourceforge net https://lists.sourceforge.net/lists/listinfo/snort-devel Archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-devel Please visit http://blog.snort.org for the latest news about Snort!
Current thread:
- DAQ 2.0.2, NFQ - DAQ error when trying to start snort Peter Fyon (Sep 28)
- Re: DAQ 2.0.2, NFQ - DAQ error when trying to start snort Hui Cao (huica) (Sep 30)