[Oisf-users] Problems running Suricata 3.1.1 under FreeBSD 10.3

Peter Manev petermanev at gmail.com
Thu Jul 28 22:32:25 UTC 2016 

On Thu, Jul 28, 2016 at 11:19 PM, Jason Ish <lists at unx.ca> wrote:
> On Thu, Jul 28, 2016 at 4:06 PM, Peter Manev <petermanev at gmail.com> wrote:
>> On Wed, Jul 27, 2016 at 2:38 PM, C. L. Martinez <carlopmart at gmail.com> wrote:
>>> Hi all,
>>>
>>>  When I try to start suricata with these options: "--pcap -v -k none -D" under a FreeBSD 10.3 host (amd64, fully patched), the following errors appears:
>>>
>>> 27/7/2016 -- 13:29:53 - <Notice> - This is Suricata version 3.1.1 RELEASE
>>> 27/7/2016 -- 13:29:53 - <Info> - CPUs/cores online: 1
>>> 27/7/2016 -- 13:29:53 - <Info> - Found an MTU of 1500 for 'vtnet0'
>>> 27/7/2016 -- 13:29:53 - <Info> - Found an MTU of 1500 for 'vtnet3'
>>> 27/7/2016 -- 13:29:53 - <Info> - Found an MTU of 1500 for 'vtnet5'
>>> 27/7/2016 -- 13:29:53 - <Info> - Max dump is 0
>>> 27/7/2016 -- 13:29:53 - <Info> - Core dump setting attempted is 0
>>> 27/7/2016 -- 13:29:53 - <Info> - Core dump size set to 0
>>> 27/7/2016 -- 13:29:53 - <Info> - 3 rule files processed. 35 rules successfully loaded, 0 rules failed
>>> 27/7/2016 -- 13:29:53 - <Info> - 35 signatures processed. 0 are IP-only rules, 0 are inspecting packet payload, 35 inspect application layer, 0 are decoder event only
>>> 27/7/2016 -- 13:29:53 - <Info> - Threshold config parsed: 0 rule(s) found
>>> 27/7/2016 -- 13:29:53 - <Info> - fast output device (regular) initialized: fast.log
>>> 27/7/2016 -- 13:29:53 - <Info> - stats output device (regular) initialized: stats.log
>>> 27/7/2016 -- 13:29:53 - <Info> - Going to use 1 thread(s)
>>> 27/7/2016 -- 13:29:53 - <Info> - using interface
>>> 27/7/2016 -- 13:29:53 - <Error> - [ERRCODE: SC_ERR_PCAP_ACTIVATE_HANDLE(27)] - Couldn't activate the pcap handler, error BIOCSETIF failed: Device not configured
>>
>> Which interface triggers that err above?
>
> This appears to be a regression between 3.0 and 3.1.  Its picking up
> the "" interface provided on the command line, where in 3.0 if it was
> the empty it was ignored as it should be.  Its not limited to FreeBSD,
> but happens on Linux as well.
>

I can confirm the same as Jason just explained with "-interface: default ".

> C.L.: Any chance you can file a bug report?  If not, I'll try go get
> to it tomorrow.
>
> Thanks,
> Jason



-- 
Regards,
Peter Manev

More information about the Oisf-users mailing list