From: Patrick McHardy <kaber@trash.net>
To: Salim <salim.si@askey.com.tw>
Cc: lartc@mailman.ds9a.nl,
	Netfilter Development Mailinglist
	<netfilter-devel@lists.netfilter.org>
Subject: Re: [LARTC] ip_queue module issue
Date: Tue, 03 Jan 2006 12:58:37 +0000
Message-ID: <43BA74FD.9030205@trash.net>
In-Reply-To: <002301c61010$3fa46f60$455f030a@askeyrd3>

Salim wrote:
> Hi All,
>    I am adding ip_queue module for snort inline IDS.
> 
> I am using snort2.4.0
> And iptables-1.3.4.
> 
> Userspace Queuing(queue target) is enabled. It is built-in and not built as
> a module.
> The output of /proc/net/ip_queue is shown below:
> 
> cat /proc/net/ip_queue>
> Peer PID          : 0
> Copy mode         : 0
> Copy range        : 0
> Queue length      : 0
> Queue max. length : 1024
> 
> 
> IPTABLES 1.3.4 is being used and it is built with install-devel option
> And libipq.a is seen in /lib directory.
> 
> SNORT is also built in with following options:
> ./configure --prefix=/usr/local/snort \
> --with-libpcap-includes=/usr/local/snort-lib/include \
> --with-libpcap-libraries=/usr/local/snort-lib/lib \
> --with-libpcre-includes=/usr/local/snort-lib/include \
> --with-libpcre-libraries=/usr/local/snort-lib/lib \
> --with-libnet-includes=/usr/local/snort-lib/include \
> --with-libnet-libraries=/usr/local/snort-lib/lib \
> --with-libipq-includes=/usr/local/iptables/include \
> --with-libipq-libraries=/usr/local/iptables/lib \
> --enable-inline
> 
> cat /proc/net/netlink>
> sk       Eth Pid    Groups   Rmem     Wmem     Dump     Locks
> c11c8040 0   0      00000000 0        0        00000000 2
> c7ec0140 3   0      00000000 0        0        00000000 7
> c11c8780 4   0      00000000 0        0        00000000 2
> c7e74c40 5   0      00000000 0        0        00000000 2
> 
> Starting SNORT now:
> /usr/local/snort/bin/snort -Q -N -l /var/log/snortlog -t /var/log/snortlog -s -D>
> Initializing Inline mode
> Reading from iptables
> InitInline: : Failed to send netlink message: Connection refused
> Starting snortd: FAILED
> 
> cat /proc/net/netlink>
> sk       Eth Pid    Groups   Rmem     Wmem     Dump     Locks
> c11c8040 0   0      00000000 0        0        00000000 2
> c7ec0140 3   0      00000000 0        0        00000000 8  >>>Locks increasing
> c11c8780 4   0      00000000 0        0        00000000 2
> c7e74c40 5   0      00000000 0        0        00000000 2
> 
> Can anybody please point me as to what could be the issue. As it is the
> ip_queue is built in kernel and it is running as can be seen from
> cat /proc/net/ip_queue

Does it work if you build it as a module? If not please send the output
of strace -s 1000 -f snort ...