[Snort-devel] Snort 3 ipfw multithreading errors

Shravan Rangarajuvenkata (shrarang) shrarang at cisco.com
Thu Oct 25 12:52:38 EDT 2018


Unfortunately, this is a bug in snort3 in multi-threaded mode. We will fix this issue ASAP. Thanks for reporting it!

Thanks,
Shravan

From: Snort-devel <snort-devel-bounces at lists.snort.org> on behalf of "yunus.can at arjeta.com.tr" <yunus.can at arjeta.com.tr>
Date: Wednesday, October 24, 2018 at 4:09 AM
To: "snort-devel at lists.snort.org" <snort-devel at lists.snort.org>
Subject: [Snort-devel] Snort 3 ipfw multithreading errors

Hello,

I use snort3 run option with multithreading and daq module ipfw and port 5000 but I cant start snort3
I was see error this

ipfw DAQ configured to passive.
Commencing packet processing
++ [0]
++ [1]
++ [2]
Can't start DAQ (-1) - ipfw_daq_start: can't bind divert socket (Address already in use)

Analyzer: Failed to start DAQ instance
Can't start DAQ (-1) - ipfw_daq_start: can't bind divert socket (Address already in use)

Analyzer: Failed to start DAQ instance
-- [0]
-- [2]


Can you help with this error ?


Freebsd Versions :

FreeBSD snort 11.2-RELEASE-p4



Snort Versions :
   ,,_     -*> Snort++ <*-
  o"  )~   Version 3.0.0 (Build 247) FreeBSD
   ''''    By Martin Roesch & The Snort Team
           http://snort.org/contact#team
           Copyright (C) 2014-2018 Cisco and/or its affiliates. All rights reserved.
           Copyright (C) 1998-2013 Sourcefire, Inc., et al.
           Using DAQ version 2.2.2
           Using LuaJIT version 2.0.5
           Using OpenSSL 1.0.2p  14 Aug 2018
           Using libpcap version 1.9.0-PRE-GIT
           Using PCRE version 8.41 2017-07-05
           Using ZLIB version 1.2.11
           Using FlatBuffers 1.8.0
           Using Hyperscan version 4.7.0 2018-10-03
           Using LZMA version 5.2.3



Run Command :

/usr/local/snort/bin/snort -c /usr/local/snort/etc/snort/snort.lua --daq ipfw --daq-var port=5000 -l /var/log/snort -k none -A alert_full -z 3
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-devel/attachments/20181025/b17b91e7/attachment.html>


More information about the Snort-devel mailing list