Snort mailing list archives
Snort 2.9.13 on OpenWrt - Inline with daq-nfq
From: Donald Hoskins via Snort-devel <snort-devel () lists snort org>
Date: Thu, 27 Jun 2019 12:22:50 -0400
I'm building Snort from source and bundling it with OpenWrt. It builds (once I put --disable-open-appid anyway, but that's a separate issue). Device has eth0, eth1, eth2, br-lan, and lo eth0 is the WAN, eth1 and eth2 are LAN bridged on br-lan. I'm running it inline with nfq, and get the following: snort -Q -c /etc/snort/snort.conf --daq-dir /usr/lib/daq ... nfq DAQ configured to inline. ERROR: Can't initialize DAQ nfq (-1) - nfq_daq_initialize: failed to get handle for nfq I've looked as far as I can online, even to the seclist archives. They all seem to say nfs isn't installed. However, root@OpenWrt:/etc/snort# snort --daq-dir /usr/lib/daq --daq-list Available DAQ modules: nfq(v7): live inline multi afpacket(v6): live inline multi unpriv dump(v4): readback live inline multi unpriv ipfw(v3): live inline multi unpriv pcap(v4): readback live multi unpriv afpacket does work, and I know nfq doesn't run unpriv'd, but on OpenWrt, everything runs as root. It's there, but I seem to be missing something somewhere. I started with the user list first, because I had hoped someone had ran into this and solved it. Any help would be appreciated!
_______________________________________________ Snort-devel mailing list Snort-devel () lists snort org https://lists.snort.org/mailman/listinfo/snort-devel Please visit http://blog.snort.org for the latest news about Snort!
Current thread:
- Snort 2.9.13 on OpenWrt - Inline with daq-nfq Donald Hoskins via Snort-users (Jun 25)
- <Possible follow-ups>
- Snort 2.9.13 on OpenWrt - Inline with daq-nfq Donald Hoskins via Snort-devel (Jun 28)