It does work when iptables as a whole is built as a module.

----- Original Message -----
From: "Patrick McHardy" <kaber@xxxxxxxxx>
To: "Salim" <salim.si@xxxxxxxxxxxx>
Cc: <lartc@xxxxxxxxxxxxxxx>; "Netfilter Development Mailinglist" <netfilter-devel@xxxxxxxxxxxxxxxxxxx>
Sent: Tuesday, January 03, 2006 8:58 PM
Subject: Re: ip_queue module issue

> Salim wrote:
> > Hi All,
> > I am adding the ip_queue module for snort inline IDS.
> >
> > I am using snort 2.4.0
> > and iptables-1.3.4.
> >
> > Userspace Queuing (QUEUE target) is enabled. It is built in and not built as
> > a module.
> > The output of /proc/net/ip_queue is shown below:
> >
> > cat /proc/net/ip_queue
> > Peer PID : 0
> > Copy mode : 0
> > Copy range : 0
> > Queue length : 0
> > Queue max. length : 1024
> >
> >
> > IPTABLES 1.3.4 is being used and it is built with the install-devel option,
> > and libipq.a is seen in the /lib directory.
> >
> > SNORT is also built with the following options:
> > ./configure --prefix=/usr/local/snort \
> > --with-libpcap-includes=/usr/local/snort-lib/include \
> > --with-libpcap-libraries=/usr/local/snort-lib/lib \
> > --with-libpcre-includes=/usr/local/snort-lib/include \
> > --with-libpcre-libraries=/usr/local/snort-lib/lib \
> > --with-libnet-includes=/usr/local/snort-lib/include \
> > --with-libnet-libraries=/usr/local/snort-lib/lib \
> > --with-libipq-includes=/usr/local/iptables/include \
> > --with-libipq-libraries=/usr/local/iptables/lib \
> > --enable-inline
> >
> > cat /proc/net/netlink
> > sk       Eth Pid Groups   Rmem Wmem Dump     Locks
> > c11c8040 0   0   00000000 0    0    00000000 2
> > c7ec0140 3   0   00000000 0    0    00000000 7
> > c11c8780 4   0   00000000 0    0    00000000 2
> > c7e74c40 5   0   00000000 0    0    00000000 2
> >
> > Starting SNORT now:
> > /usr/local/snort/bin/snort -Q -N -l /var/log/snortlog -t /var/log/snortlog -s -D
> > Initializing Inline mode
> > Reading from iptables
> > InitInline: : Failed to send netlink message: Connection refused
> > Starting snortd: FAILED
> >
> > cat /proc/net/netlink
> > sk       Eth Pid Groups   Rmem Wmem Dump     Locks
> > c11c8040 0   0   00000000 0    0    00000000 2
> > c7ec0140 3   0   00000000 0    0    00000000 8    >>> Locks increasing
> > c11c8780 4   0   00000000 0    0    00000000 2
> > c7e74c40 5   0   00000000 0    0    00000000 2
> >
> > Can anybody please point me to what the issue could be? The ip_queue
> > is built into the kernel and it is running, as can be seen from
> > cat /proc/net/ip_queue.
>
> Does it work if you build it as a module? If not please send the output
> of strace -s 1000 -f snort ...

_______________________________________________
LARTC mailing list
LARTC@xxxxxxxxxxxxxxx
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
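A small diagnostic parser for the two /proc files quoted in the thread, added here as an example; it is not part of the thread, snort or iptables. It assumes ip_queue listens on netlink protocol NETLINK_FIREWALL (3), and the sample text is transcribed from the post.

```python
# NETLINK_FIREWALL (3 in linux/netlink.h) is the protocol ip_queue listens on; it is the Eth column below.
NETLINK_FIREWALL = 3

# Constructed samples, transcribed from the /proc output quoted in the thread.
IP_QUEUE_SAMPLE = """Peer PID : 0
Copy mode : 0
Copy range : 0
Queue length : 0
Queue max. length : 1024
"""
NETLINK_BEFORE = """sk Eth Pid Groups Rmem Wmem Dump Locks
c11c8040 0 0 00000000 0 0 00000000 2
c7ec0140 3 0 00000000 0 0 00000000 7
c11c8780 4 0 00000000 0 0 00000000 2
c7e74c40 5 0 00000000 0 0 00000000 2
"""
# Second snapshot after the failed snort start: Locks on the protocol-3 row went 7 -> 8.
NETLINK_AFTER = NETLINK_BEFORE.replace("00000000 7", "00000000 8")

def parse_ip_queue(text):
    """Parse the 'Key : value' lines of /proc/net/ip_queue into ints."""
    out = {}
    for line in text.splitlines():
        key, sep, val = line.partition(":")
        if sep:
            out[key.strip()] = int(val)
    return out

def parse_netlink(text):
    """Group /proc/net/netlink rows by protocol number (the Eth column)."""
    lines = text.strip().splitlines()
    cols = lines[0].split()
    table = {}
    for line in lines[1:]:
        row = dict(zip(cols, line.split()))
        table.setdefault(int(row["Eth"]), []).append(row)
    return table

def diagnose(ip_queue_text, netlink_before, netlink_after):
    """Summarise what the two /proc files say about the ip_queue <-> userspace link."""
    q = parse_ip_queue(ip_queue_text)
    fw_before = parse_netlink(netlink_before).get(NETLINK_FIREWALL, [])
    fw_after = parse_netlink(netlink_after).get(NETLINK_FIREWALL, [])
    return {
        # kernel-side listener rows have Pid 0; a bound userspace peer would show its own pid
        "kernel_socket_present": any(r["Pid"] == "0" for r in fw_after),
        "peer_attached": q.get("Peer PID", 0) != 0,
        "locks_delta": sum(int(r["Locks"]) for r in fw_after) - sum(int(r["Locks"]) for r in fw_before),
    }
```

Run against live files by reading /proc/net/ip_queue and /proc/net/netlink before and after starting snort; a Peer PID of 0 with a Locks count that climbs on the protocol-3 row matches the symptom described in the post.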