From: ChunXin <ch...@os...> - 2007-10-12 01:39:13
I am using snort_inline-2.6.1.5, but I have encountered many problems.

1, My network topology is as follows:

{Client (192.168.9.2) nmap}<--->{ snort_inline-2.6.1.5 }<--->{ Server 192.168.1.2 (web) }

2, I started my snort_inline this way:

"iptables -A FORWARD -j QUEUE && snort_inline -Q -c snort_inline.conf"

When I use nmap to scan the web server, snort_inline always stops and the screen shows "Segmentation fault". I used "strace" to check its running status (strace -f -p 5668, where 5668 is the pid of snort_inline). When snort_inline stopped, the screen showed:

--------------------------------------------------------------------------------------------------
gettimeofday({1192126318, 360095}, NULL) = 0
write(5, "[**] [122:1:0] (portscan) TCP Po"..., 44) = 44
write(5, "10/12-02:11:58.360095 192.168.9."..., 49) = 49
write(5, "PROTO255 TTL:0 TOS:0x0 ID:0 IpLe"..., 51) = 51
write(5, "\n", 1) = 1
write(6, "10/12-02:11:58.360095 [**] [122"..., 105) = 105
write(3, "ng\16G\237~\5\0\256\0\0\0\256\0\0\0MACDADMACDAD\10\0E\0"..., 190) = 190
--- SIGSEGV (Segmentation fault) @ 0 (0) ---
--------------------------------------------------------------------------------------------------

I traced it several times, and every time the information looks like this, and the "(portscan)" word never changed! Is it a bug in sfportscan!? Or have I not done something right?

3, My snort_inline-2.6.1.5 configure options are as follows:

./configure --prefix=/usr/local/snort_inline \
    --enable-pthread \
    --enable-stream4udp \
    --enable-dynamicplugin \
    --enable-timestats \
    --enable-perfprofiling \
    --enable-linux-smp-stats \
    --enable-flexresp2 \
    --enable-react \
    --enable-nfnetlink \
    --enable-clamav \
    --with-mysql=/usr/local/mysql \
    --with-libpcap-includes=/usr/local/libpcap/include \
    --with-libpcap-libraries=/usr/local/libpcap/lib \
    --with-clamav-includes=/usr/local/clamav/include \
    --with-clamav-defdir=/usr/local/clamav/share/clamav

Best Regards