[Snort-devel] why libnet0 and libipq ?

justin joseph justinjoseph007 at ...2499...
Wed Aug 12 08:43:05 EDT 2009


On Wed, Aug 12, 2009 at 12:05 AM, Will Metcalf<william.metcalf at ...2499...> wrote:
> Can you show me what modifications you made to the code?  Also the
> output from lsmod..

Talking clue from the reply I figured out that the modules nfnetlink,
nfnetlink_queue
were not loaded (thought that shorewall does that on seeing QUEUE in
rules.  My *silly* mistake, sorry).
Now --enable-nfnetlink works in snort_inline-2.6.1.5.

Code change was based on wrong assumption about a reported bug, had
only commented out
exit's when functions nfq_unbind_pf and nfq_bind_pf failed(they were
failing when modules were not there).
Apart from this on Ubuntu system had to add a header file dnet.h which
merely included the dumbnet headers,
for configure  and compile to work.

Why was all this working code taken out and is not there in
snort-2.8.4(or other releases snort after merging)?
This is preventing distros from including inline feature(as mentioned
before).  Doesn't make sense to me :-(

thank you
Justin

Note:  ipq and 2.8.4 drops packets for me, but snort_inline-2.6.1.5
works fine(both ipq and nfnetlink)




More information about the Snort-devel mailing list