|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
From: Russ Combs (rcombs
sourcefire.com)
Date: Thu Feb 02 2012 - 09:30:48 CST
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
On Thu, Feb 2, 2012 at 9:09 AM, Sudarshan Raghavan <
sudarshan.t.raghavangmail.com> wrote:
> I can see in the 2.8.5 sources that ipq_read error does not result in
> snort exiting. It calls ipq_perror and continues to read. Is this an
> ok behaviour to go back to. It is not ideal but having snort die is
> not the best solution either. Can I get rid of the break in
> PacketLoop?
>
What version of the DAQ tarball and IPQ DAQ (./snort --daq-list) are you
using? That should have been fixed a while back.
Assuming you have the latest, if you are only running IPQ updating snort.c
is an option. If you might run other DAQs, including pcap, suggest making
the change in the IPQ DAQ module itself (daq_ipq.c).
Also, it would be helpful if you could send the specific error so that can
be ignored.
> On Thu, Feb 2, 2012 at 7:18 PM, Sudarshan Raghavan
> <sudarshan.t.raghavangmail.com> wrote:
> > Do I have to increase some buffer size? Can the -1 error from ipq_read
> > be ignored? I am seeing this error every time I try to upload a 60MB
> > file over HTTP.
> >
> > Regards,
> > Sudarshan
> >
> > On Thu, Feb 2, 2012 at 7:05 PM, Sudarshan Raghavan
> > <sudarshan.t.raghavangmail.com> wrote:
> >> Snort Version: 2.9.1.2 IPv6 GRE
> >> libpcap: 0.8.3
> >> pcre: 7.0 18-Dec-2006
> >> zlib: 1.2.3
> >> Linux Kernel: 2.6.37.3 (32 bit)
> >>
> >> We are snort exit when trying a http file upload with this error
> >> "Can't acquire (-1) - ipq_daq_acquire: ipq_read=-1 error Failed to
> >> receive netlink message". Has anyone seen this error message before?
> >>
> >> Regards,
> >> Sudarshan
>
>
> ------------------------------------------------------------------------------
> Keep Your Developer Skills Current with LearnDevNow!
> The most comprehensive online learning library for Microsoft developers
> is just $99.99! Visual Studio, SharePoint, SQL - plus HTML5, CSS3, MVC3,
> Metro Style Apps, more. Free future releases when you subscribe now!
> http://p.sf.net/sfu/learndevnow-d2d
> _______________________________________________
> Snort-users mailing list
> Snort-userslists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
>
> Please visit http://blog.snort.org to stay current on all the latest
> Snort news!
>
------------------------------------------------------------------------------
Keep Your Developer Skills Current with LearnDevNow!
The most comprehensive online learning library for Microsoft developers
is just $99.99! Visual Studio, SharePoint, SQL - plus HTML5, CSS3, MVC3,
Metro Style Apps, more. Free future releases when you subscribe now!
http://p.sf.net/sfu/learndevnow-d2d
_______________________________________________
Snort-users mailing list
Snort-userslists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Please visit http://blog.snort.org to stay current on all the latest Snort news!
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]