[Snort-users] snort_inline --enable-nfnetlink - error during nfq_unbind_pf()

Morgan Cox morgancoxuk at ...11827...
Thu Oct 2 07:52:42 EDT 2008


Hi,

I have just successfully compiled snort-inline from svn for Arch Linux 64.
(the offical 2.8.3 just segfaulted when using the -Q on all 64 bit systems i
have tried...)

I have compiled with --enable-nfnetlink - I have installed
libnetfilter_queue + libnetfilter from AUR

When starting snort - using -  /usr/local/bin/snort_inline -Q -D -i br0 -l
/var/log/snort -c /etc/snort/snort.conf

It starts - i.e i get the correct output then after a few secs I get

 NFNETLINK answers: Invalid argument

error during nfq_unbind_pf()


In case this helps here is my lsmod


[root at ...14426... ~]# lsmod
Module                  Size  Used by
xt_tcpudp               3776  1
iptable_filter          3520  1
ip_tables              19152  1 iptable_filter
nf_conntrack_ipv4      16216  0
nf_conntrack           62736  1 nf_conntrack_ipv4
xt_NFQUEUE              2368  0
x_tables               19656  3 xt_tcpudp,ip_tables,xt_NFQUEUE
parport_pc             39368  1
ppdev                   8520  0
lp                     11524  0
parport                36848  3 parport_pc,ppdev,lp
ppp_generic            26152  0
pcspkr                  3136  0
k8temp                  5312  0
ohci_hcd               23556  0
i2c_amd8111             5632  0
i2c_amd756              6724  0
usbcore               151256  2 ohci_hcd
i2c_core               22112  2 i2c_amd8111,i2c_amd756
amd_rng                 3080  0
shpchp                 33696  0
pci_hotplug            28600  1 shpchp
sg                     32224  0
evdev                  11392  0
thermal                18656  0
processor              36928  1 thermal
fan                     5320  0
button                  7648  0
battery                12808  0
ac                      5384  0
nfnetlink_queue         9988  0
nfnetlink               4488  1 nfnetlink_queue
tun                    11140  0
ip_queue                8728  1
bridge                 54952  0
llc                     6496  1 bridge
tg3                   121668  0
slhc                    6144  1 ppp_generic
rtc_cmos               11192  0
rtc_core               18628  1 rtc_cmos
rtc_lib                 3200  1 rtc_core
ext3                  136336  2
jbd                    48232  1 ext3
mbcache                 8388  1 ext3
sd_mod                 25344  4
sr_mod                 17028  0
cdrom                  37480  1 sr_mod
aic79xx               178396  3
scsi_transport_spi     24640  1 aic79xx
ata_generic             6340  0
pata_amd               13764  0
pata_acpi               5440  0
libata                164256  3 ata_generic,pata_amd,pata_acpi
scsi_mod              109560  6
sg,sd_mod,sr_mod,aic79xx,scsi_transport_spi,libata
dock                    9312  1 libata

Can anyone help ?

Cheers
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20081002/e14d4966/attachment.html>


More information about the Snort-users mailing list