<div dir="ltr"><div>Hi Peter, </div><div><br></div><div>I installed Suricata in Cygwin/tmp today from Linux/Mac/FreeBSD/UNIX/Windows Source without the --enable-nfqueue option. It ran just as well as it had after installing with the .msi. </div>
<div><br></div><div>I then unpacked netfilterforwin in Cygwin/tmp and installed netfilter.sys and libnetfilter_queue using Cygwin, successfully I believe. However, when I recompiled Suricata, this time with --enable-nfqueue, it failed with these messages:</div>
<div><br></div><div> checking libnfnetlink/libnfnetlink.h usability... no</div><div> checking libnfnetlink/libnfnetlink.h presence... no</div><div> checking for libnfnetlink/libnfnetlink.h... no</div><div> configure: error: libnfnetlink.h not found ...</div>
<div><br></div><div>I've attached the config.log.</div><div><br></div><div>Thanks.</div><div><br></div><div>Geof</div></div><div class="gmail_extra"><br><br><div class="gmail_quote">On Fri, May 23, 2014 at 12:25 AM, Peter Manev <span dir="ltr"><<a href="mailto:petermanev@gmail.com" target="_blank">petermanev@gmail.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div class="HOEnZb"><div class="h5">On Fri, May 23, 2014 at 9:11 AM, Aethrun <<a href="mailto:geofa80@gmail.com">geofa80@gmail.com</a>> wrote:<br>
> Hello,<br>
><br>
> I installed Suricata under Windows 7 using the Suricata-2.0-1-32bit.msi<br>
> installer. It's performing well in IDS mode.<br>
><br>
> However, when I enter suricata -c suricata.yaml -q 0 to go into inline mode<br>
> I get this message:<br>
><br>
> 21/5/2014 -- 20:29:58 - <Error> - [ERRCODE: SC_ERR_NFQ_NOSUPPORT(67)] -<br>
> NFQUEUE not enabled. Make sure to pass --enable-nfqueue to configure when<br>
> building.<br>
><br>
> Is there another command I can use to run inline? If not, can I install the<br>
> missing files to the Suricata directory to enable NFQ?<br>
><br>
> Thanks.<br>
><br>
> Geof<br>
><br>
><br>
</div></div>> _______________________________________________<br>
> Suricata IDS Users mailing list: <a href="mailto:oisf-users@openinfosecfoundation.org">oisf-users@openinfosecfoundation.org</a><br>
> Site: <a href="http://suricata-ids.org" target="_blank">http://suricata-ids.org</a> | Support: <a href="http://suricata-ids.org/support/" target="_blank">http://suricata-ids.org/support/</a><br>
> List: <a href="https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users" target="_blank">https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users</a><br>
> OISF: <a href="http://www.openinfosecfoundation.org/" target="_blank">http://www.openinfosecfoundation.org/</a><br>
<br>
Hi,<br>
<br>
The msi package comes without NFQUEUE enabled.<br>
To enable it you would have to recompile Suricata on Windows under<br>
CYGWIN with "--enable-nfqueue" and have netfilterforwin installded<br>
beforehand.<br>
<br>
How to for Suricata on Windows:<br>
<a href="https://redmine.openinfosecfoundation.org/attachments/download/757/SuricataWinInstallationGuide_v1.3.pdf" target="_blank">https://redmine.openinfosecfoundation.org/attachments/download/757/SuricataWinInstallationGuide_v1.3.pdf</a><br>
<br>
for NFQUEUE under windows follow the section "Inline mode" from this page -<br>
<a href="https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Windows" target="_blank">https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Windows</a><br>
<br>
Thank you<br>
<span class="HOEnZb"><font color="#888888"><br>
<br>
--<br>
Regards,<br>
Peter Manev<br>
</font></span></blockquote></div><br></div>