Snort mailing list archives
Re: Problems Enabling IPQ and NFQ
From: MMartin () jwpepper com
Date: Fri, 7 Mar 2014 18:01:20 -0500
All,
So I've checked and double checked and I do have the modules installed, as
you can see below...
Is it possible the ones I have installed are too new? I'm running out of
ideas...
Here's my most recent configure command:
./configure --enable-ipq-module --enable-nfq-module --prefix=/usr
--libdir=/lib64 --includedir=/include
checking libipq.h usability... no
checking libipq.h presence... no
checking for libipq.h... no
checking for linux/netfilter.h... yes
checking for netinet/in.h... (cached) yes
checking libnetfilter_queue/libnetfilter_queue.h usability... no
checking libnetfilter_queue/libnetfilter_queue.h presence... no
checking for libnetfilter_queue/libnetfilter_queue.h... no
:............................................................
:........................blah blah.................
:............................................................
Build AFPacket DAQ module.. : yes
Build Dump DAQ module...... : yes
Build IPFW DAQ module...... : yes
Build IPQ DAQ module....... : no
Build NFQ DAQ module....... : no
Build PCAP DAQ module...... : yes
########################################################
Here are searches for the Modules:
snortIDS:/ # find ./ -iname "libnetfilter_queue*"
/usr/include/libnetfilter_queue-1.0.2
/usr/include/libnetfilter_queue-1.0.2/libnetfilter_queue
/usr/include/libnetfilter_queue-1.0.2/libnetfilter_queue/libnetfilter_queue_tcp.h
/usr/include/libnetfilter_queue-1.0.2/libnetfilter_queue/libnetfilter_queue_udp.h
/usr/include/libnetfilter_queue-1.0.2/libnetfilter_queue/libnetfilter_queue.h
/usr/include/libnetfilter_queue-1.0.2/libnetfilter_queue/libnetfilter_queue_ipv4.h
/usr/include/libnetfilter_queue-1.0.2/libnetfilter_queue/libnetfilter_queue_ipv6.h
/usr/lib64/pkgconfig/libnetfilter_queue.pc
/usr/lib64/libnetfilter_queue.so.1.3.0
/usr/lib64/libnetfilter_queue.so
/usr/lib64/libnetfilter_queue.so.1
/usr/lib/libnetfilter_queue.so.1.3.0
/usr/lib/libnetfilter_queue.so.1
------------------------------------------------------------------------------
snortIDS:/ # find ./ -iname "libnf*"
/usr/include/libnfnetlink-1.0.1
/usr/include/libnfnetlink-1.0.1/libnfnetlink
/usr/include/libnfnetlink-1.0.1/libnfnetlink/libnfnetlink.h
/usr/share/doc/packages/libnfnetlink0
/usr/lib64/libnfnetlink.so.0
/usr/lib64/pkgconfig/libnfnetlink.pc
/usr/lib64/libnfsidmap.so.0.3.0
/usr/lib64/libnfnetlink.so.0.2.0
/usr/lib64/libnfsidmap.so.0
/usr/lib64/libnfsidmap
/usr/lib64/libnfnetlink.so
/usr/lib/libnfnetlink.so.0
/usr/lib/libnfnetlink.so.0.2.0
------------------------------------------------------------------------------
snortIDS:/ # find ./ -iname "*ipq*"
/usr/include/libipq.h
/usr/include/iptables-1.4.16.3/libipq.h
/usr/local/src/daq-2.0.2/os-daq-modules/daq_ipq.c
/usr/local/src/daq-2.0.2/os-daq-modules/.deps/libdaq_static_modules_la-daq_ipq.Plo
/usr/local/src/daq-2.0.2/os-daq-modules/.deps/daq_ipq_la-daq_ipq.Plo
/usr/local/lib64/daq/daq_ipq.so
/usr/local/lib64/daq/libipq.so
/usr/local/lib64/libipq.so.0
/usr/local/lib64/libipq.so
/usr/local/lib64/libipq.so.0.0.0
/usr/share/man/man3/ipq_errstr.3.gz
/usr/share/man/man3/ipq_set_verdict.3.gz
/usr/share/man/man3/ipq_message_type.3.gz
/usr/share/man/man3/ipq_read.3.gz
/usr/share/man/man3/ipq_get_msgerr.3.gz
/usr/share/man/man3/ipq_set_mode.3.gz
/usr/share/man/man3/libipq.3.gz
/usr/share/man/man3/ipq_perror.3.gz
/usr/share/man/man3/ipq_destroy_handle.3.gz
/usr/share/man/man3/ipq_create_handle.3.gz
/usr/share/man/man3/ipq_get_packet.3.gz
/usr/lib64/pkgconfig/libipq.pc
/usr/lib64/libipq.so.0
/usr/lib64/libipq.so
/usr/lib64/libipq.so.0.0.0
Looks like I have everything... Why does configure not find IPQ and NFQ??
Any ideas what could possibly be going on here?
Thanks in Advance,
Matt
So I used the zypper command and searched for the libnetfilter and I have
the following packages installed, see below...
The packages listed below that are preceeded with an 'i' are installed...
Do I have the correct ones?
I'm running on 64-bit so I didn't download the ones labeled with 32 bit.
# zypper search libnetfilter
Loading repository data...
Reading installed packages...
--+---------------------------------------------
i | libnetfilter_acct-devel
i | libnetfilter_acct1
| libnetfilter_acct1-32bit
i | libnetfilter_conntrack-devel
i | libnetfilter_conntrack3
| libnetfilter_conntrack3-32bit
i | libnetfilter_cthelper-devel
i | libnetfilter_cthelper0
| libnetfilter_cthelper0-32bit
i | libnetfilter_cttimeout-devel
i | libnetfilter_cttimeout1
| libnetfilter_cttimeout1-32bit
i | libnetfilter_log-devel
i | libnetfilter_log1
| libnetfilter_log1-32bit
i | libnetfilter_queue-devel
i | libnetfilter_queue1
| libnetfilter_queue1-32bit
# zypper search libnfnetlink
Loading repository data...
Reading installed packages...
S | Name
--+-----------------------------
i | libnfnetlink-devel
i | libnfnetlink0
i | libnfnetlink0-32bit
Those are the correct packages, right?
I also searched on my machine for libipq and found the following (*I
searched within the /usr dir...):
snortIDS:/usr # find ./ -iname "*ipq*"
./include/iptables-1.4.16.3/libipq.h
./local/src/daq-2.0.2/os-daq-modules/daq_ipq.c
./local/src/daq-2.0.2/os-daq-modules/.deps/libdaq_static_modules_la-daq_ipq.Plo
./local/src/daq-2.0.2/os-daq-modules/.deps/daq_ipq_la-daq_ipq.Plo
./local/lib64/daq/daq_ipq.so
./local/lib64/daq/libipq.so
./local/lib64/libipq.so.0
./local/lib64/libipq.so
./local/lib64/libipq.so.0.0.0
./lib64/pkgconfig/libipq.pc
./lib64/libipq.so.0
./lib64/libipq.so
./lib64/libipq.so.0.0.0
I feel like I do have everything and maybe DAQ just isn't finding it...?
Thanks Again,
Matt
------------------------------------------------------------------------------
Subversion Kills Productivity. Get off Subversion & Make the Move to
Perforce.
With Perforce, you get hassle-free workflows. Merge that actually works.
Faster operations. Version large binaries. Built-in WAN optimization and
the
freedom to use Git, Perforce or both. Make the move to Perforce.
http://pubads.g.doubleclick.net/gampad/clk?id=122218951&iu=/4140/ostg.clktrk
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users
Please visit http://blog.snort.org to stay current on all the latest Snort
news!
------------------------------------------------------------------------------ Subversion Kills Productivity. Get off Subversion & Make the Move to Perforce. With Perforce, you get hassle-free workflows. Merge that actually works. Faster operations. Version large binaries. Built-in WAN optimization and the freedom to use Git, Perforce or both. Make the move to Perforce. http://pubads.g.doubleclick.net/gampad/clk?id=122218951&iu=/4140/ostg.clktrk
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!
Current thread:
- Problems Enabling IPQ and NFQ MMartin (Mar 07)
- Re: Problems Enabling IPQ and NFQ Y M (Mar 07)
- Re: Problems Enabling IPQ and NFQ Hui cao (Mar 07)
- Re: Problems Enabling IPQ and NFQ MMartin (Mar 07)
- Re: Problems Enabling IPQ and NFQ MMartin (Mar 07)
- Re: Problems Enabling IPQ and NFQ James Lay (Mar 07)
- Re: Problems Enabling IPQ and NFQ MMartin (Mar 11)
- Re: Problems Enabling IPQ and NFQ MMartin (Mar 07)
- <Possible follow-ups>
- Re: Problems Enabling IPQ and NFQ MMartin (Mar 07)
- Problems Enabling IPQ and NFQ MMartin (Mar 10)