Snort mailing list archives
Re: DAQ 2.0.2, NFQ - DAQ error when trying to start snort
From: Peter Fyon <peter.fyon () gmail com>
Date: Sat, 4 Oct 2014 10:42:40 -0400
Thanks Hui, I removed the -i eth0 from my snort command line options and it started without the warning. Not quite sure why the DAQ fails to load if you specify an interface for snort since, as I found by commenting out that chunk of code, it looks like the DAQ options override the snort ones. Peter On Tue, Sep 30, 2014 at 2:52 PM, Hui Cao (huica) <huica () cisco com> wrote:
Hi Peter, The code is to check whether you have configured the interface. NFQ will not allow interface. So I guess you have specified interface in your configuration. Best, Hui. From: Peter Fyon <peter.fyon () gmail com> Date: Sunday, September 28, 2014 at 3:09 PM To: "snort-devel () lists sourceforge net" <snort-devel () lists sourceforge netSubject: [Snort-devel] DAQ 2.0.2, NFQ - DAQ error when trying to start snort Hi Snort-devel, While trying to enable active defense on my snort setup (single interface on a SPAN port), I ran into this error: The nfq DAQ module does not support interface or readback mode! My C's a bit rusty, but looking at the code (see diff at the bottom) it seems like it just checks to see if the DAQ_Config_t name is set and fails out if so. I can't see the commit log so I don't know why this block of code was added, but everything works fine after commenting it out and recompiling. Did I just work around something that I shouldn't have? daq_nfq.c 200,204c200,204 < if(cfg->name && *(cfg->name)) < { < snprintf(errBuf, errMax, "The nfq DAQ module does not support interface or readback mode!"); < return DAQ_ERROR_INVAL; < } ---// if(cfg->name && *(cfg->name)) // { // snprintf(errBuf, errMax, "The nfq DAQ module does not supportinterface or readback mode!");// return DAQ_ERROR_INVAL; // }Peter
------------------------------------------------------------------------------ Meet PCI DSS 3.0 Compliance Requirements with EventLog Analyzer Achieve PCI DSS 3.0 Compliant Status with Out-of-the-box PCI DSS Reports Are you Audit-Ready for PCI DSS 3.0 Compliance? Download White paper Comply to PCI DSS 3.0 Requirement 10 and 11.5 with EventLog Analyzer http://pubads.g.doubleclick.net/gampad/clk?id=154622311&iu=/4140/ostg.clktrk
_______________________________________________ Snort-devel mailing list Snort-devel () lists sourceforge net https://lists.sourceforge.net/lists/listinfo/snort-devel Archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-devel Please visit http://blog.snort.org for the latest news about Snort!
Current thread:
- Re: DAQ 2.0.2, NFQ - DAQ error when trying to start snort Peter Fyon (Oct 04)
- Re: DAQ 2.0.2, NFQ - DAQ error when trying to start snort Russ Combs (rucombs) (Oct 04)