[Snort-devel] Bug-report for snort 2.4.3 - interface + daemon

Steven Sturges steve.sturges at ...402...
Tue Jan 24 06:58:05 EST 2006


Thanks, Martin, I've entered these bugs into our queue.

As mentioned, there are work-arounds.

Cheers.
-steve

Martin Olsson wrote:
> Hi!
> 
> Two "bugs" found in snort 2.4.3 (build 27):
> (Running on FreeBSD)
> 
> 
> =====================================================================
> 1. Snort is touching an interface it shouldn't mess with
> 
> dc0 = my management interface (with an IP address)
> dc1 = my monitor interface (without any IP address)
> 
> In my snort.conf I have stated "config interface: dc1".
> On the commandline I have omitted the -i option since the interface is
> stated in snort.conf.
> 
> When starting snort it immediately touch my first interface (dc0).
> 
> Here is an example of the output from snort in testmode:
> 
> ~> snort -T -c snort.conf.dc1
> ***
> *** interface device lookup found: dc0    <-------------------
> ***
> Running in Test mode with config file:
> /etc/snort.conf.dc1
> Running in IDS mode
> 
>         --== Initializing Snort ==--
> Initializing Output Plugins!
> Decoding LoopBack on interface dc0        <-------------------
> Initializing Preprocessors!
> ...
> 
> 
> 
> In the syslog I also see that something is messing with dc0:
> 
> Jan 24 13:15:52 foo /kernel: dc0: TX underrun -- increasing TX threshold
> 
> 
> 
> I don't want snort to touch dc0 at all.
> Right now there's a workaround - specify "-i dc1" on the commandline.
> 
> 
> 
> =====================================================================
> 2. Snort doesn't enter daemon mode
> 
> In my snort.conf I have stated "config daemon".
> When starting snort some (but not all) things are logged to syslog instead
> of stdout, but the process is still running in the foreground.
> Right now there's a workaround - specify "-D" on the commandline.
> 
> 
> 
> So, both "bugs" have workarounds, but I still think they are in error.
> 
> 
> /Martin





More information about the Snort-devel mailing list