[Snort-devel] DAQ 2.0.2, NFQ - DAQ error when trying to start snort

Hui Cao (huica) huica at ...3461...
Tue Sep 30 14:52:52 EDT 2014


Hi Peter,

The code is there to check whether you have configured an interface. NFQ will not allow an interface. So I guess you have specified an interface in your configuration.

Best,
Hui.

From: Peter Fyon <peter.fyon at ...2499...>
Date: Sunday, September 28, 2014 at 3:09 PM
To: "snort-devel at lists.sourceforge.net" <snort-devel at lists.sourceforge.net>
Subject: [Snort-devel] DAQ 2.0.2, NFQ - DAQ error when trying to start snort

Hi Snort-devel,

While trying to enable active defense on my snort setup (single interface on a SPAN port), I ran into this error:

The nfq DAQ module does not support interface or readback mode!

My C's a bit rusty, but looking at the code (see diff at the bottom) it seems like it just checks to see if the DAQ_Config_t name is set and fails out if so. I can't see the commit log so I don't know why this block of code was added, but everything works fine after commenting it out and recompiling. Did I just work around something that I shouldn't have?

daq_nfq.c
200,204c200,204
<     if(cfg->name && *(cfg->name))
<     {
<         snprintf(errBuf, errMax, "The nfq DAQ module does not support interface or readback mode!");
<         return DAQ_ERROR_INVAL;
<     }
---
> //    if(cfg->name && *(cfg->name))
> //    {
> //        snprintf(errBuf, errMax, "The nfq DAQ module does not support interface or readback mode!");
> //        return DAQ_ERROR_INVAL;
> //    }
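
Review bot: Commenting out the `cfg->name` check at lines 200-204 removes the only validation in this hunk, so a configuration that sets an interface or readback name is now accepted without any error even though the message says the nfq module does not support it. I would keep the check and drop the interface from the Snort/DAQ configuration instead, so that a bad configuration keeps failing with `DAQ_ERROR_INVAL`. If the block really has to go, delete it or wrap it in `#if 0` with a comment explaining why, rather than leaving `//`-commented code behind.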


Peter