[Snort-users] buglet in daq afpacket

Russ Combs rcombs at ...1935...
Thu Apr 28 11:00:17 EDT 2011


This is actually working as intended.

In test mode, Snort won't try to determine the interface automatically to
avoid requiring higher privileges.  However, if you specify DAQ options in
test mode, those will be validated as well and that means you will need to
specify an interface depending on DAQ.

On Thu, Apr 14, 2011 at 6:31 PM, Russ Combs <rcombs at ...1935...> wrote:

> OK - it is supposed to validate the DAQ as well when that is explicitly
> configured.
>
> However, not it should have defaulted to eth0 so there should be no need
> for the -i.
>
> I'll have a look.
>
> On Thu, Apr 14, 2011 at 5:37 PM, Jason Haar <Jason.Haar at ...294...>wrote:
>
>> Hi there
>>
>> If you call snort-2.9.0.5 with the "-T" option to test the config, you
>> get an error with afpacket that you don't get when you don't have any
>> daq detail in the config.
>>
>> Namely, "snort -T -c file.conf" works fine when daq isn't mentioned, but
>> errors with:
>>
>> ERROR: Can't initialize DAQ afpacket (-1) - afpacket_daq_initialize:
>> Invalid interface specification: ''!
>>
>> ...when you call it with "config daq: afpacket"
>>
>> It can be fixed by calling "-T" with an interface (eg "-i eth0"), but
>> that isn't needed when daq isn't mentioned...
>>
>> --
>> Cheers
>>
>> Jason Haar
>> Information Security Manager, Trimble Navigation Ltd.
>> Phone: +64 3 9635 377 Fax: +64 3 9635 417
>> PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1
>>
>>
>>
>> ------------------------------------------------------------------------------
>> Benefiting from Server Virtualization: Beyond Initial Workload
>> Consolidation -- Increasing the use of server virtualization is a top
>> priority.Virtualization can reduce costs, simplify management, and improve
>> application availability and disaster protection. Learn more about
>> boosting
>> the value of server virtualization. http://p.sf.net/sfu/vmware-sfdev2dev
>> _______________________________________________
>> Snort-users mailing list
>> Snort-users at lists.sourceforge.net
>> Go to this URL to change user options or unsubscribe:
>> https://lists.sourceforge.net/lists/listinfo/snort-users
>> Snort-users list archive:
>> http://www.geocrawler.com/redir-sf.php3?list=snort-users
>>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20110428/f16abb9d/attachment.html>


More information about the Snort-users mailing list