Ahhh, what a way to join the list. I am using snort_inline 2.2.0a, and
the information below is still accurate. However, I didn't realize the
test.rules set was modifying both DNS and ICMP packets. Commenting out
those rules, snort_inline is working just as it should.

Would it be useful to produce diff patches for my changes for
snort_inline 2.2.0a on FreeBSD 5.3?

On Thu, 2004-12-30 at 08:38, Christopher Black wrote:
> Hello list,
>
> I am using snort_inline on FreeBSD 5.3 with IPFW, and after fixing the
> following (line 184 used to be in the ndef block) in snort.h:
>
> 179 #ifndef IPFW
> 180 char layer2_resets;
> 181 u_char enet_src[6];
> 182 #endif
> 183 #ifdef IPFW
> 184 char log_bad_checksums;
> 185 int divert_port;
> 186 #endif /* USE IPFW DIVERT socket instead of IPtables */
>
> It will compile, but drops every packet. I traced that back to checking
> the IP header checksum, and based on the comment leading that block
> (that the check is mostly unneeded), I just commented out the line to
> call InlineDrop(). Now it's not dropping the packet there, but still
> seems to be dropping it somewhere.
>
> Has anyone else run into and/or fixed this? I will continue hunting,
> but look forward to your input!
--
Christopher Black <bla...@um...>