Hi All, I am adding ip_queue module for snort inline IDS. I am using snort2.4.0 And iptables-1.3.4. Userspace Queuing(queue target) is enabled. It is built-in and not built as a module. The output of /proc/net/ip_queue is shown below: cat /proc/net/ip_queue> Peer PID : 0 Copy mode : 0 Copy range : 0 Queue length : 0 Queue max. length : 1024 IPTABLES 1.3.4 is being used and it is built with install-devel option And libipq.a is seen in /lib directory. SNORT is also built in with following options: ./configure --prefix=/usr/local/snort \ --with-libpcap-includes=/usr/local/snort-lib/include \ --with-libpcap-libraries=/usr/local/snort-lib/lib \ --with-libpcre-includes=/usr/local/snort-lib/include \ --with-libpcre-libraries=/usr/local/snort-lib/lib \ --with-libnet-includes=/usr/local/snort-lib/include \ --with-libnet-libraries=/usr/local/snort-lib/lib \ --with-libipq-includes=/usr/local/iptables/include \ --with-libipq-libraries=/usr/local/iptables/lib \ --enable-inline cat /proc/net/netlink> sk Eth Pid Groups Rmem Wmem Dump Locks c11c8040 0 0 00000000 0 0 00000000 2 c7ec0140 3 0 00000000 0 0 00000000 7 c11c8780 4 0 00000000 0 0 00000000 2 c7e74c40 5 0 00000000 0 0 00000000 2 Starting SNORT now: /usr/local/snort/bin/snort -Q -N -l /var/log/snortlog -t /var/log/snortlog -s -D> Initializing Inline mode Reading from iptables InitInline: : Failed to send netlink message: Connection refused Starting snortd: FAILED cat /proc/net/netlink> sk Eth Pid Groups Rmem Wmem Dump Locks c11c8040 0 0 00000000 0 0 00000000 2 c7ec0140 3 0 00000000 0 0 00000000 8 >>>Locks increasing c11c8780 4 0 00000000 0 0 00000000 2 c7e74c40 5 0 00000000 0 0 00000000 2 Can anybody please point me as to what could be the issue. As it is the ip_queue Is built in kernel and it is running as can be seen from cat /proc/net/ip_queue Any pointers would be greatly appreciated. regards Salim _______________________________________________ LARTC mailing list LARTC@xxxxxxxxxxxxxxx http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
