[Oisf-users] FreeBSD 8.0 (suricata.c:636) <Error> (main) -- [ERRCODE: SC_ERR_MULTIPLE_RUN_MODE(124)]

rmkml rmkml at free.fr
Fri Jul 30 16:50:04 UTC 2010


Hi Shant,
Maybe this can help you?
http://www.codealias.info/technotes/freebsd_divert_sockets
  ..."A divert socket is a socket that can be used to alter packets before being processed by the networking stack."...
Regards
Rmkml


On Fri, 30 Jul 2010, Shant Kassardjian wrote:

> Hello Eric,
> 
> Thank you for your reply, I am a bit confused as to which interface suricata monitors traffic on? I have the bridge0 interface configured for (em1, em2, ... em5)
> 5 sub interfaces and em0 which is my uplink interface.
> 
> I thought with -i em0 -d 8000 it would listen for traffic passing only through em0 and divert them to ipfw.
> 
> Can you please explain if I don't specify an interface with -i em0 which interface will suricata pick to monitor traffic? Will suricata pass all the traffic from
> the kernel to the ipfw divert socket with the -d option?
> 
> Many thanks.
> 
> Regards,
> Shant K
> 
> 
> > Subject: Re: [Oisf-users] FreeBSD 8.0 (suricata.c:636) <Error> (main) -- [ERRCODE: SC_ERR_MULTIPLE_RUN_MODE(124)]
> > From: eleblond at edenwall.com
> > To: shant at skylab.ca
> > CC: oisf-users at openinfosecfoundation.org
> > Date: Fri, 30 Jul 2010 09:17:12 +0200
> >
> > Hi,
> >
> > On Friday 30 July 2010 at 02:56 +0000, Shant Kassardjian wrote:
> > > Hello,
> > >
> > >
> > > I can't seem to start suricata on FreeBSD 8.0
> > >
> > >
> > > I have compiled with ./configure --enable-profiling --enable-ipfw
> > ...
> > >
> > > # suricata -c /usr/local/etc/suricata/suricata.yaml -i em0 -d 8000
> > > [100183] 29/7/2010 -- 22:48:49 - (suricata.c:403) <Info> (main) --
> > > This is Suricata version 1.0.1
> > > [100183] 29/7/2010 -- 22:48:49 - (suricata.c:636) <Error> (main) --
> > > [ERRCODE: SC_ERR_MULTIPLE_RUN_MODE(124)] - more than one run mode has
> > > been specified
> > > ...
> > >
> > >
> > >
> > > Any idea what went wrong? error message doesn't say much..
> >
> > It tells the error correctly ;)
> >
> > You've run with options:
> > - -i em0 which enables pcap on em0
> > - -d 8000 you divert packets from rule 8000
> > Thus you've got multiple run modes instead of one. You need to choose
> > one.
> >
> > BR,
> > --
> > Éric Leblond, eleblond at edenwall.com
> > Phone: +33 1 40 24 65 04, Fax: +33 9 57 21 48 75
> > EdenWall, http://www.edenwall.com
> 
>
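Added example, not part of the original thread and not Suricata's own code: a pre-flight shell check for the conflict described in the quoted reply, where -i (pcap) and -d (ipfw divert) each select a run mode. The function names and mode labels are assumptions made here, and only the -i, -r, -q and -d options are recognised.

```shell
#!/bin/sh
# Added example. Mode labels (pcap-live, ipfw-divert, ...) are names chosen
# here for illustration; options other than -i, -r, -q, -d are ignored.

# Print the distinct capture run modes selected by a Suricata argument list.
suricata_run_modes() {
    modes=""
    while [ $# -gt 0 ]; do
        case "$1" in
            -i) mode="pcap-live" ;;    # sniff an interface with libpcap
            -r) mode="pcap-file" ;;    # read packets from a capture file
            -q) mode="nfqueue" ;;      # inline via a Linux netfilter queue
            -d) mode="ipfw-divert" ;;  # inline via an ipfw divert port
            *)  mode="" ;;
        esac
        if [ -n "$mode" ]; then
            case " $modes " in
                *" $mode "*) ;;                        # already recorded
                *) modes="${modes:+$modes }$mode" ;;
            esac
        fi
        shift
    done
    printf '%s\n' "$modes"
}

# Return 0 when exactly one run mode is selected, 1 otherwise.
check_run_mode() {
    selected=$(suricata_run_modes "$@")
    set -- $selected          # split the list to count the modes
    if [ $# -eq 1 ]; then
        echo "ok: $1"
        return 0
    fi
    echo "conflict: $# run modes selected ($selected)" >&2
    return 1
}

# The command line from the thread is flagged before Suricata is started.
check_run_mode -c /usr/local/etc/suricata/suricata.yaml -i em0 -d 8000 || true
# Keeping only one of the two capture options passes the check.
check_run_mode -c /usr/local/etc/suricata/suricata.yaml -d 8000
```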

