[Snort-devel] why libnet0 and libipq ?
justinjoseph007 at ...2499...
Wed Aug 12 08:43:05 EDT 2009
On Wed, Aug 12, 2009 at 12:05 AM, Will Metcalf<william.metcalf at ...2499...> wrote:
> Can you show me what modifications you made to the code? Also the
> output from lsmod..
Talking clue from the reply I figured out that the modules nfnetlink,
were not loaded (thought that shorewall does that on seeing QUEUE in
rules. My *silly* mistake, sorry).
Now --enable-nfnetlink works in snort_inline-220.127.116.11.
Code change was based on wrong assumption about a reported bug, had
only commented out
exit's when functions nfq_unbind_pf and nfq_bind_pf failed(they were
failing when modules were not there).
Apart from this on Ubuntu system had to add a header file dnet.h which
merely included the dumbnet headers,
for configure and compile to work.
Why was all this working code taken out and is not there in
snort-2.8.4(or other releases snort after merging)?
This is preventing distros from including inline feature(as mentioned
before). Doesn't make sense to me :-(
Note: ipq and 2.8.4 drops packets for me, but snort_inline-18.104.22.168
works fine(both ipq and nfnetlink)
More information about the Snort-devel