[Snort-users] Errors initializing Snort with netmap support

Michael Altizer mialtize at ...589...
Thu Nov 13 11:43:46 EST 2014


Unfortunately, the NIOCREGIF ioctl will return EINVAL for a large 
variety of reasons and I can't reproduce what you're seeing on my 
FreeBSD 10 system.  Your best bet is going to be modifying 
/usr/src/sys/dev/netmap/netmap_kern.h and changing the definition of 
ND() like this:

#define ND(format, ...) D(format, ##__VA_ARGS__)

Then recompile the kernel and sysctl dev.netmap.verbose=1.

After that, all of the built-in messages should be going out to 
dmesg/syslog, so hopefully there's some in the code path leading up to 
the unsuccessful registration.  If not, you're going to need to add some 
more messages to the code path yourself.  All of it is contained in 
/usr/src/sys/dev/netmap/netmap.c starting in the NIOCREGIF case of 
netmap_ioctl().  (Some things like the NETMAP API version being 
mismatched or the interface not being netmap-capable that will return 
EINVAL do not have explicit messages from my quick once-over of the code.)

On 11/12/2014 02:43 AM, C. L. Martinez wrote:
> Michael,
>
>   For all your questions, answer is yes. FreeBSD 's kernel is compiled
> with netmap support, and network interfaces too:
>
> Nov 11 07:49:48 nsm01 kernel: 001.000006 netmap_attach [2244] success for em0
> Nov 11 07:49:48 nsm01 kernel: em1: <Intel(R) PRO/1000 Legacy Network
> Connection 1.0.6> port 0xc0c0-0xc0ff mem 0xf20a0000-0xf20bffff irq 10
> at device 6.0 on pci0
> Nov 11 07:49:48 nsm01 kernel: em1: Ethernet address: 52:54:00:10:53:a0
> Nov 11 07:49:48 nsm01 kernel: 001.000007 netmap_attach [2244] success for em1
>
> On Tue, Nov 11, 2014 at 6:08 PM, Michael Altizer <xiche at ...3147...> wrote:
>> Just as a sanity check, did you follow the instructions in the README
>> and recompile the FreeBSD kernel with netmap support (and then boot into
>> it)?  If so, are there any messages in dmesg  when you attempt this?  To
>> verify that netmap support is enabled for em0, you should see something
>> like this:
>>
>> # dmesg | grep netmap
>> netmap: loaded module
>> 001.000006 netmap_attach [2244] success for em0
>>
>> On 10/29/2014 01:57 PM, C. L. Martinez wrote:
>>> Any ideas about this??
>>>
>>> On Wed, Oct 29, 2014 at 7:12 AM, C. L. Martinez <carlopmart at ...11827...> wrote:
>>>> Hi all,
>>>>
>>>>    Starting Snort with netmap support in DAQ, returns me the following error:
>>>>
>>>> FATAL ERROR: Can't start DAQ (-1) - start_instance: Netmap
>>>> registration for em0 failed: Invalid argument (22)!
>>>>
>>>> DAQ conf:
>>>>
>>>> config daq: netmap
>>>> config daq_dir: /opt/daq/lib/daq
>>>> config daq_mode: passive
>>>> #config daq_var:
>>>>
>>>> Snort startup command is: "snort -D -q -c /etc/snort/snort.conf -i em0"
>>>>
>>>> Do I need to setup something else?? Snort is 2.9.7.0 under FreeBSD 10 host
>>> ------------------------------------------------------------------------------
>>> _______________________________________________
>>> Snort-users mailing list
>>> Snort-users at lists.sourceforge.net
>>> Go to this URL to change user options or unsubscribe:
>>> https://lists.sourceforge.net/lists/listinfo/snort-users
>>> Snort-users list archive:
>>> http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users
>>>
>>> Please visit http://blog.snort.org to stay current on all the latest Snort news!
>>
>> ------------------------------------------------------------------------------
>> Comprehensive Server Monitoring with Site24x7.
>> Monitor 10 servers for $9/Month.
>> Get alerted through email, SMS, voice calls or mobile push notifications.
>> Take corrective actions from your mobile device.
>> http://pubads.g.doubleclick.net/gampad/clk?id=154624111&iu=/4140/ostg.clktrk
>> _______________________________________________
>> Snort-users mailing list
>> Snort-users at lists.sourceforge.net
>> Go to this URL to change user options or unsubscribe:
>> https://lists.sourceforge.net/lists/listinfo/snort-users
>> Snort-users list archive:
>> http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users
>>
>> Please visit http://blog.snort.org to stay current on all the latest Snort news!
> ------------------------------------------------------------------------------
> Comprehensive Server Monitoring with Site24x7.
> Monitor 10 servers for $9/Month.
> Get alerted through email, SMS, voice calls or mobile push notifications.
> Take corrective actions from your mobile device.
> http://pubads.g.doubleclick.net/gampad/clk?id=154624111&iu=/4140/ostg.clktrk
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users
>
> Please visit http://blog.snort.org to stay current on all the latest Snort news!





More information about the Snort-users mailing list