[LARTC] ip_queue module issue

Patrick McHardy kaber at trash.net
Tue Jan 3 13:58:37 CET 2006


Salim wrote:
> Hi All,
>    I am adding ip_queue module for snort inline IDS.
> 
> I am using snort2.4.0
> And iptables-1.3.4.
> 
> Userspace Queuing(queue target) is enabled. It is built-in and not built as
> a module.
> The output of /proc/net/ip_queue is shown below:
> 
> cat /proc/net/ip_queue
> Peer PID          : 0
> Copy mode         : 0
> Copy range        : 0
> Queue length      : 0
> Queue max. length : 1024
> 
> 
> IPTABLES 1.3.4 is being used and it is built with the install-devel option,
> and libipq.a is seen in the /lib directory.
> 
> SNORT is also built with the following options:
> ./configure --prefix=/usr/local/snort \
> --with-libpcap-includes=/usr/local/snort-lib/include \
> --with-libpcap-libraries=/usr/local/snort-lib/lib \
> --with-libpcre-includes=/usr/local/snort-lib/include \
> --with-libpcre-libraries=/usr/local/snort-lib/lib \
> --with-libnet-includes=/usr/local/snort-lib/include \
> --with-libnet-libraries=/usr/local/snort-lib/lib \
> --with-libipq-includes=/usr/local/iptables/include \
> --with-libipq-libraries=/usr/local/iptables/lib \
> --enable-inline
> 
> cat /proc/net/netlink
> sk       Eth Pid    Groups   Rmem     Wmem     Dump     Locks
> c11c8040 0   0      00000000 0        0        00000000 2
> c7ec0140 3   0      00000000 0        0        00000000 7
> c11c8780 4   0      00000000 0        0        00000000 2
> c7e74c40 5   0      00000000 0        0        00000000 2
> 
> Starting SNORT now:
> /usr/local/snort/bin/snort -Q -N -l /var/log/snortlog -t /var/log/snortlog -s -D
> Initializing Inline mode
> Reading from iptables
> InitInline: : Failed to send netlink message: Connection refused
> Starting snortd: FAILED
> 
> cat /proc/net/netlink
> sk       Eth Pid    Groups   Rmem     Wmem     Dump     Locks
> c11c8040 0   0      00000000 0        0        00000000 2
> c7ec0140 3   0      00000000 0        0        00000000 8  >>> Locks increasing
> c11c8780 4   0      00000000 0        0        00000000 2
> c7e74c40 5   0      00000000 0        0        00000000 2
> 
> Can anybody please point me to what could be the issue? ip_queue is built
> into the kernel and it is running, as can be seen from cat /proc/net/ip_queue.

Does it work if you build it as a module? If not, please send the output
of strace -s 1000 -f snort ...
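A small checker for the two /proc tables quoted in the report, added here as an example and not part of either message. It parses the pasted output and flags the state the thread shows: "Peer PID: 0" means no userspace program has registered with ip_queue yet, and the only NETLINK_FIREWALL (protocol 3, per linux/netlink.h) socket in /proc/net/netlink is the kernel's own, with no userspace socket bound beside it. The sample text is copied from the quoted output.

```python
"""Check ip_queue / netlink state from /proc output (added example, not from the post)."""

NETLINK_FIREWALL = 3  # netlink protocol number used by ip_queue and libipq

# Constructed sample: the /proc/net/ip_queue output quoted in the report.
IP_QUEUE_SAMPLE = """\
Peer PID          : 0
Copy mode         : 0
Copy range        : 0
Queue length      : 0
Queue max. length : 1024
"""

# Constructed sample: the second /proc/net/netlink listing quoted in the report.
NETLINK_SAMPLE = """\
sk       Eth Pid    Groups   Rmem     Wmem     Dump     Locks
c11c8040 0   0      00000000 0        0        00000000 2
c7ec0140 3   0      00000000 0        0        00000000 8
c11c8780 4   0      00000000 0        0        00000000 2
c7e74c40 5   0      00000000 0        0        00000000 2
"""


def parse_ip_queue(text):
    """Turn the 'Key : value' lines of /proc/net/ip_queue into a dict of ints."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            fields[key.strip()] = int(value.strip())
    return fields


def parse_netlink(text):
    """Parse /proc/net/netlink rows into dicts keyed by the header names."""
    lines = text.strip().splitlines()
    header = lines[0].split()
    rows = [dict(zip(header, line.split())) for line in lines[1:]]
    for row in rows:  # Eth is the netlink protocol, Pid the socket's port id
        row["Eth"], row["Pid"] = int(row["Eth"]), int(row["Pid"])
    return rows


def diagnose(ip_queue_text, netlink_text):
    """Return findings about whether a userspace peer is attached to ip_queue."""
    queue = parse_ip_queue(ip_queue_text)
    fw = [s for s in parse_netlink(netlink_text) if s["Eth"] == NETLINK_FIREWALL]
    findings = []
    if queue.get("Peer PID", 0) == 0:
        findings.append("no userspace peer registered with ip_queue")
    if not any(s["Pid"] == 0 for s in fw):
        findings.append("no kernel NETLINK_FIREWALL socket present")
    elif not any(s["Pid"] != 0 for s in fw):
        findings.append("kernel NETLINK_FIREWALL socket present but no userspace socket bound")
    return findings
```

Run it against a live box by reading the two /proc files instead of the samples; a healthy inline setup shows a non-zero Peer PID and a userspace socket with Eth 3.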



More information about the netfilter-devel mailing list