[Snort-users] Snort inline mode Unable to create netlink socket

Joel Esler jesler at ...1935...
Thu Apr 22 13:31:49 EDT 2010


Can you paste your snort command line options?

What happens when you run 'modprobe ip_queue'?

J

On Apr 22, 2010, at 7:16 AM, Jose Valdivia wrote:

> Hello,
> 
> I have a Debian box running kernel version 2.6.33.2
> 
> I compiled snort-2.8.5.3 from source using ./configure --enable-inline.
> I can run Snort in IDS mode without problems and it alerts me correctly.
> 
> I'm trying to run it in IPS mode using the snort -Q command, but I got:
> 
>        --== Initializing Snort ==--
> Initializing Inline mode
> InlineInit: : Unable to create netlink socket: Bad file descriptor
> 
> ----------------------------------------------------------------------------------------------
> I read it can be related to the kernel options in the netfilter submenu,
> but I enabled all the options already:
> 
> more .config | grep IP_NF
> # CONFIG_IP_NF_QUEUE is not set
> CONFIG_IP_NF_IPTABLES=y
> CONFIG_IP_NF_MATCH_ADDRTYPE=m
> CONFIG_IP_NF_MATCH_AH=m
> CONFIG_IP_NF_MATCH_ECN=m
> CONFIG_IP_NF_MATCH_TTL=m
> CONFIG_IP_NF_FILTER=y
> CONFIG_IP_NF_TARGET_REJECT=m
> CONFIG_IP_NF_TARGET_LOG=m
> CONFIG_IP_NF_TARGET_ULOG=m
> CONFIG_IP_NF_TARGET_MASQUERADE=y
> CONFIG_IP_NF_TARGET_NETMAP=m
> CONFIG_IP_NF_TARGET_REDIRECT=m
> CONFIG_IP_NF_MANGLE=m
> CONFIG_IP_NF_TARGET_CLUSTERIP=m
> CONFIG_IP_NF_TARGET_ECN=m
> CONFIG_IP_NF_TARGET_TTL=m
> CONFIG_IP_NF_RAW=m
> CONFIG_IP_NF_SECURITY=m
> CONFIG_IP_NF_ARPTABLES=me
> CONFIG_IP_NF_ARPFILTER=m
> CONFIG_IP_NF_ARP_MANGLE=m
> 
> 
> I already tried to insert all the available modules using insmod, but I'm
> still getting the same error. Can someone please point me in the
> right direction? Thanks in advance.
> 
> Jose Valdivia
> WebSite: http://soad1982.blogspot.com
> 
> Let the Linux begin !!!!

--
Joel Esler
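
Added example, not part of either message and not Snort project code: a pre-flight check for the two things this thread turns on, the `CONFIG_IP_NF_QUEUE` line in the kernel `.config` and whether `ip_queue` is loaded. It assumes the libipq/ip_queue packet path that `--enable-inline` uses in this Snort version; the function names and the sample config are constructed for illustration.

```shell
#!/bin/sh
# Pre-flight check for Snort 2.8.x inline (-Q) mode, which is assumed here
# to read packets through libipq and so need the kernel's ip_queue support.

# Print the state of CONFIG_IP_NF_QUEUE in a kernel .config file:
# builtin (=y), module (=m), unset ("is not set"), or absent.
nf_queue_state() {
    cfg=$1
    if grep -q '^CONFIG_IP_NF_QUEUE=y$' "$cfg"; then
        echo builtin
    elif grep -q '^CONFIG_IP_NF_QUEUE=m$' "$cfg"; then
        echo module
    elif grep -q '^# CONFIG_IP_NF_QUEUE is not set$' "$cfg"; then
        echo unset
    else
        echo absent
    fi
}

# Return 0 if ip_queue appears in a /proc/modules-style listing.
ip_queue_loaded() {
    grep -q '^ip_queue ' "${1:-/proc/modules}"
}

# Combine both checks into one verdict line.
inline_preflight() {
    cfg=$1; mods=${2:-/proc/modules}
    state=$(nf_queue_state "$cfg")
    case $state in
        builtin) echo "ok: ip_queue built into kernel" ;;
        module)
            if ip_queue_loaded "$mods"; then
                echo "ok: ip_queue module loaded"
            else
                echo "fix: run 'modprobe ip_queue' before 'snort -Q'"
            fi ;;
        *) echo "fix: rebuild kernel with CONFIG_IP_NF_QUEUE (state: $state)" ;;
    esac
}

if [ $# -ge 1 ]; then
    inline_preflight "$@"
else
    # No argument: demo on a constructed two-line config (not a real system).
    demo=$(mktemp)
    printf '%s\n' '# CONFIG_IP_NF_QUEUE is not set' 'CONFIG_IP_NF_IPTABLES=y' > "$demo"
    inline_preflight "$demo" /dev/null
    rm -f "$demo"
fi
```

Run it as `sh preflight.sh /path/to/.config`; a second argument replaces `/proc/modules` for offline checks.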