[Oisf-users] Error running inline mode

Will Metcalf william.metcalf at gmail.com
Mon Jun 7 15:37:03 UTC 2010


Interesting. Are you using ip_queue for anything? If not, can you try to
rmmod ip_queue and try to start up suricata again?

Regards,

Will

On Mon, Jun 7, 2010 at 10:33 AM, Martin Spinassi
<martins.listz at gmail.com> wrote:
> Will,
>
> Here is the output of "cat /proc/net/netfilter/nf_queue":
>
> # cat /proc/net/netfilter/nf_queue
>  0 NONE
>  1 NONE
>  2 ip_queue
>  3 NONE
>  4 NONE
>  5 NONE
>  6 NONE
>  7 NONE
>  8 NONE
>  9 NONE
> 10 NONE
> 11 NONE
> 12 NONE
>
> Thanks for your help.
>
> Regards,
>
> Martin
>
> On Mon, Jun 7, 2010 at 12:24 PM, Will Metcalf <william.metcalf at gmail.com> wrote:
>> right... ok and the output from cat /proc/net/netfilter/nf_queue ?
>>
>> Regards,
>>
>> Will
>>
>>
>>
>> On Mon, Jun 7, 2010 at 10:17 AM, Martin Spinassi
>> <martins.listz at gmail.com> wrote:
>>> Will,
>>>
>>> Thanks for your reply.
>>>
>>> Here is my uname -a
>>>
>>> Linux server 2.6.32-trunk-686 #1 SMP Sun Jan 10 06:32:16 UTC 2010 i686 GNU/Linux
>>>
>>> And my "lsmod" output:
>>>
>>> Module                  Size  Used by
>>> xt_NFQUEUE              1565  2
>>> nfnetlink_queue         5093  0
>>> nfnetlink               1798  1 nfnetlink_queue
>>> decnet                 48505  0 [permanent]
>>> xt_tcpudp               1743  2
>>> iptable_filter          1790  1
>>> ip_tables               7690  1 iptable_filter
>>> x_tables                8335  3 xt_NFQUEUE,xt_tcpudp,ip_tables
>>> ip_queue                3766  0
>>> loop                    9721  0
>>> snd_intel8x0           19523  0
>>> snd_ac97_codec         79136  1 snd_intel8x0
>>> ac97_bus                 710  1 snd_ac97_codec
>>> snd_pcm                47350  2 snd_intel8x0,snd_ac97_codec
>>> snd_timer              12258  1 snd_pcm
>>> snd                    33551  4 snd_intel8x0,snd_ac97_codec,snd_pcm,snd_timer
>>> soundcore               3450  1 snd
>>> shpchp                 21220  0
>>> parport_pc             15799  0
>>> sis_agp                 3145  1
>>> pcspkr                  1207  0
>>> evdev                   5609  3
>>> parport                22554  1 parport_pc
>>> snd_page_alloc          4977  2 snd_intel8x0,snd_pcm
>>> pci_hotplug            18065  1 shpchp
>>> agpgart                19516  1 sis_agp
>>> button                  3598  0
>>> processor              25803  0
>>> ext3                   93828  6
>>> jbd                    31965  1 ext3
>>> mbcache                 3762  1 ext3
>>> ide_cd_mod             21044  0
>>> ide_gd_mod             17103  10
>>> cdrom                  26487  1 ide_cd_mod
>>> ata_generic             2015  0
>>> ohci_hcd               16804  0
>>> ide_pci_generic         1924  0
>>> sata_sis                2734  0
>>> pata_sis                1538  1 sata_sis
>>> 8139cp                 13285  0
>>> libata                113728  3 ata_generic,sata_sis,pata_sis
>>> thermal                 9206  0
>>> sis5513                 4888  8
>>> ehci_hcd               27230  0
>>> floppy                 40923  0
>>> 8139too                14849  0
>>> scsi_mod              101073  1 libata
>>> sis900                 13731  0
>>> mii                     2714  3 8139cp,8139too,sis900
>>> thermal_sys             9378  2 processor,thermal
>>> usbcore                97930  3 ohci_hcd,ehci_hcd
>>> nls_base                4541  1 usbcore
>>> ide_core               63850  4 ide_cd_mod,ide_gd_mod,ide_pci_generic,sis5513
>>>
>>>
>>> Thanks for your support!
>>>
>>> Regards,
>>>
>>> Martin
>>>
>>> On Mon, 2010-06-07 at 09:59 -0500, Will Metcalf wrote:
>>>> can you send output of lsmod and uname -a
>>>>
>>>> Regards,
>>>>
>>>> Will
>>>>
>>>> On Mon, Jun 7, 2010 at 9:53 AM, Martin Spinassi <martins.listz at gmail.com> wrote:
>>>> > Hi list,
>>>> >
>>>> > I'm trying suricata for my first time, but I'm having some issues on
>>>> > inline mode.
>>>> >
>>>> > This is part of the output of
>>>> >
>>>> > root at server# suricata -c /etc/suricata/suricata-debian.yaml -q 0
>>>> >
>>>> >
>>>> > <snip>
>>>> > [11621] 7/6/2010 -- 11:47:40 - (stream-tcp.c:282) <Info> (StreamTcpInitConfig) -- stream "max_sessions": 262144
>>>> > [11621] 7/6/2010 -- 11:47:40 - (stream-tcp.c:294) <Info> (StreamTcpInitConfig) -- stream "prealloc_sessions": 32768
>>>> > [11621] 7/6/2010 -- 11:47:40 - (stream-tcp.c:302) <Info> (StreamTcpInitConfig) -- stream "memcap": 67108864
>>>> > [11621] 7/6/2010 -- 11:47:40 - (stream-tcp.c:309) <Info> (StreamTcpInitConfig) -- stream "midstream" session pickups: disabled
>>>> > [11621] 7/6/2010 -- 11:47:40 - (stream-tcp.c:317) <Info> (StreamTcpInitConfig) -- stream "async_oneside": disabled
>>>> > [11657] 7/6/2010 -- 11:47:40 - (tm-threads.c:734) <Info> (TmThreadSetupOptions) -- Setting affinity for "Detect1" Module to cpu/core 0, thread id 11657
>>>> > [11658] 7/6/2010 -- 11:47:40 - (tm-threads.c:734) <Info> (TmThreadSetupOptions) -- Setting affinity for "Verdict" Module to cpu/core 0, thread id 11658
>>>> > [11659] 7/6/2010 -- 11:47:40 - (tm-threads.c:734) <Info> (TmThreadSetupOptions) -- Setting affinity for "RespondReject" Module to cpu/core 0, thread id 11659
>>>> > [11660] 7/6/2010 -- 11:47:40 - (tm-threads.c:734) <Info> (TmThreadSetupOptions) -- Setting affinity for "Outputs" Module to cpu/core 0, thread id 11660
>>>> > [11656] 7/6/2010 -- 11:47:40 - (tm-threads.c:734) <Info> (TmThreadSetupOptions) -- Setting affinity for "Stream1" Module to cpu/core 0, thread id 11656
>>>> > [11655] 7/6/2010 -- 11:47:40 - (tm-threads.c:734) <Info> (TmThreadSetupOptions) -- Setting affinity for "Decode1" Module to cpu/core 0, thread id 11655
>>>> > [11654] 7/6/2010 -- 11:47:40 - (tm-threads.c:734) <Info> (TmThreadSetupOptions) -- Setting affinity for "ReceiveNFQ" Module to cpu/core 0, thread id 11654
>>>> > [11654] 7/6/2010 -- 11:47:40 - (source-nfq.c:241) <Error> (NFQInitThread) -- [ERRCODE: SC_ERR_NFQ_UNBIND(67)] - nfq_unbind_pf() for AF_INET failed
>>>> >
>>>> >
>>>> > I googled it for a while, but I don't get anything but source code of
>>>> > suricata.
>>>> >
>>>> >
>>>> > Any link/suggestion is very appreciated.
>>>> > Thanks!
>>>> >
>>>> > Martin
>>>> >
>>>> >
>>>> > _______________________________________________
>>>> > Oisf-users mailing list
>>>> > Oisf-users at openinfosecfoundation.org
>>>> > http://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
>>>> >
>>>
>>>
>>>
>
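
Added example, not part of the original thread or of Suricata: a shell check for the state this exchange uncovers, where ip_queue is the handler registered for protocol family 2 (AF_INET) in /proc/net/netfilter/nf_queue while Suricata's NFQ thread fails on nfq_unbind_pf() for AF_INET. The function names are hypothetical and the sample input is constructed from the output quoted above; it also reports the ip_queue use count from lsmod, which is the thing to look at before the rmmod suggested in the reply.

```sh
#!/bin/sh
# Added example, not from the thread. Names and sample data are constructed.

# Print the queue handler registered for protocol family $1 (2 = AF_INET).
nfq_handler() {
    awk -v fam="$1" '$1 == fam { print $2; found = 1 }
                     END { exit !found }' "${2:-/proc/net/netfilter/nf_queue}"
}

# Print the use count of module $1 (3rd column of lsmod and /proc/modules).
mod_refcount() {
    awk -v m="$1" '$1 == m { print $3; found = 1 }
                   END { exit !found }' "${2:-/proc/modules}"
}

# Return 1 when ip_queue owns AF_INET, the state shown in the thread.
diagnose() {
    h=$(nfq_handler 2 "$1") || { echo "unknown: no entry for family 2"; return 2; }
    [ "$h" = ip_queue ] || { echo "ok: AF_INET handler is $h"; return 0; }
    n=$(mod_refcount ip_queue "$2") || n="not listed"
    echo "conflict: ip_queue holds AF_INET (module use count: $n)"
    return 1
}

# Constructed samples, abbreviated from the output quoted in the thread.
sample_nf_queue() {
    cat <<'EOF'
 0 NONE
 1 NONE
 2 ip_queue
 3 NONE
EOF
}
sample_lsmod() {
    cat <<'EOF'
Module                  Size  Used by
xt_NFQUEUE              1565  2
nfnetlink_queue         5093  0
x_tables                8335  3 xt_NFQUEUE,xt_tcpudp,ip_tables
ip_queue                3766  0
EOF
}

d=$(mktemp -d)
sample_nf_queue > "$d/nfq"; sample_lsmod > "$d/mods"
diagnose "$d/nfq" "$d/mods" || true   # with no arguments it reads /proc
rm -rf "$d"
```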


