[LARTC] ip_queue module issue
Salim
salim.si at askey.com.tw
Wed Jan 4 03:14:38 CET 2006
it does work when iptables as a whole is built as a module.
----- Original Message -----
From: "Patrick McHardy" <kaber at trash.net>
To: "Salim" <salim.si at askey.com.tw>
Cc: <lartc at mailman.ds9a.nl>; "Netfilter Development Mailinglist"
<netfilter-devel at lists.netfilter.org>
Sent: Tuesday, January 03, 2006 8:58 PM
Subject: Re: [LARTC] ip_queue module issue
> Salim wrote:
> > Hi All,
> > I am adding ip_queue module for snort inline IDS.
> >
> > I am using snort2.4.0
> > And iptables-1.3.4.
> >
> > Userspace Queuing (queue target) is enabled. It is built-in and not built as
> > a module.
> > The output of /proc/net/ip_queue is shown below:
> >
> > cat /proc/net/ip_queue>
> > Peer PID : 0
> > Copy mode : 0
> > Copy range : 0
> > Queue length : 0
> > Queue max. length : 1024
> >
> >
> > IPTABLES 1.3.4 is being used and it is built with install-devel option
> > And libipq.a is seen in /lib directory.
> >
> > SNORT is also built in with following options:
> > ./configure --prefix=/usr/local/snort \
> > --with-libpcap-includes=/usr/local/snort-lib/include \
> > --with-libpcap-libraries=/usr/local/snort-lib/lib \
> > --with-libpcre-includes=/usr/local/snort-lib/include \
> > --with-libpcre-libraries=/usr/local/snort-lib/lib \
> > --with-libnet-includes=/usr/local/snort-lib/include \
> > --with-libnet-libraries=/usr/local/snort-lib/lib \
> > --with-libipq-includes=/usr/local/iptables/include \
> > --with-libipq-libraries=/usr/local/iptables/lib \
> > --enable-inline
> >
> > cat /proc/net/netlink>
> > sk Eth Pid Groups Rmem Wmem Dump Locks
> > c11c8040 0 0 00000000 0 0 00000000 2
> > c7ec0140 3 0 00000000 0 0 00000000 7
> > c11c8780 4 0 00000000 0 0 00000000 2
> > c7e74c40 5 0 00000000 0 0 00000000 2
> >
> > Starting SNORT now:
> > /usr/local/snort/bin/snort -Q -N -l /var/log/snortlog -t
> > /var/log/snortlog -s -D>
> > Initializing Inline mode
> > Reading from iptables
> > InitInline: : Failed to send netlink message: Connection refused
> > Starting snortd: FAILED
> >
> > cat /proc/net/netlink>
> > sk Eth Pid Groups Rmem Wmem Dump Locks
> > c11c8040 0 0 00000000 0 0 00000000 2
> > c7ec0140 3 0 00000000 0 0 00000000 8   >>> Locks increasing
> > c11c8780 4 0 00000000 0 0 00000000 2
> > c7e74c40 5 0 00000000 0 0 00000000 2
> >
> > Can anybody please point me as to what could be the issue? As it is, the ip_queue
> > is built in kernel and it is running, as can be seen from cat /proc/net/ip_queue.
>
> Does it work if you build it as a module? If not please send the output
> of strace -s 1000 -f snort ...
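A small checker, added here and not part of the thread, that reads the two /proc snapshots Salim quoted (embedded below as sample text) and reports the conditions they show: no userspace peer bound to ip_queue, and the NETLINK_FIREWALL socket's Locks count rising while the connect fails. Column meanings follow linux/netlink.h and the /proc/net/netlink header; protocol 3 is NETLINK_FIREWALL.

```python
"""Diagnose ip_queue state from /proc/net/ip_queue and /proc/net/netlink."""

NETLINK_FIREWALL = 3  # netlink protocol ip_queue listens on (linux/netlink.h)

# Sample text copied from the thread (constructed input for this example).
IP_QUEUE_SAMPLE = "Peer PID : 0\nCopy mode : 0\nCopy range : 0\n" \
                  "Queue length : 0\nQueue max. length : 1024\n"
NETLINK_HDR = "sk Eth Pid Groups Rmem Wmem Dump Locks\n"
NETLINK_BEFORE = NETLINK_HDR + "c11c8040 0 0 00000000 0 0 00000000 2\n" \
    "c7ec0140 3 0 00000000 0 0 00000000 7\nc11c8780 4 0 00000000 0 0 00000000 2\n"
NETLINK_AFTER = NETLINK_HDR + "c11c8040 0 0 00000000 0 0 00000000 2\n" \
    "c7ec0140 3 0 00000000 0 0 00000000 8\nc11c8780 4 0 00000000 0 0 00000000 2\n"


def parse_ip_queue(text):
    """Return {'peer_pid': 0, 'copy_mode': 0, ..., 'queue_max_length': 1024}."""
    out = {}
    for line in text.splitlines():
        key, _, val = line.partition(":")
        if val.strip().isdigit():
            out[key.strip().lower().replace(". ", "_").replace(" ", "_")] = int(val)
    return out


def parse_netlink(text):
    """Return {protocol: [{'pid': int, 'locks': int}, ...]}; Locks is the socket refcount."""
    socks = {}
    for line in text.splitlines()[1:]:  # skip the header row
        f = line.split()
        if len(f) >= 8:
            socks.setdefault(int(f[1]), []).append({"pid": int(f[2]), "locks": int(f[7])})
    return socks


def diagnose(ipq_text, nl_before, nl_after):
    """Return a list of human-readable findings; empty means nothing suspicious."""
    q, before, after = parse_ip_queue(ipq_text), parse_netlink(nl_before), parse_netlink(nl_after)
    fw_after = after.get(NETLINK_FIREWALL, [])
    findings = []
    if not fw_after:
        findings.append("no NETLINK_FIREWALL socket: ip_queue is not registered")
    if q.get("peer_pid", 0) == 0:
        findings.append("peer PID 0: no userspace process is bound to ip_queue")
    lb = sum(s["locks"] for s in before.get(NETLINK_FIREWALL, []))
    la = sum(s["locks"] for s in fw_after)
    if la > lb:
        findings.append(f"NETLINK_FIREWALL socket refcount rose {lb}->{la} across the failed connect")
    return findings


if __name__ == "__main__":
    for f in diagnose(IP_QUEUE_SAMPLE, NETLINK_BEFORE, NETLINK_AFTER):
        print(f)
```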