From: Sanjai N. <na...@re...> - 2005-08-19 22:42:05

We have two independently developed snortinline applications that we'd now like to run on the same interface. Is this possible via snort configuration, or do we have to merge the source code in the preprocessors directory and rebuild a single application? I would greatly appreciate any assistance.

We tried starting up both snort binaries on the same interface but got an error (I believe it was resource busy). However, if we run two copies of the non-inline Snort applications on the same interface, there is no error.

Thanks. --
Sanjai Narain
Senior Research Scientist
Telcordia Technologies

From: Will M. <wil...@gm...> - 2005-08-20 22:15:56

This is an ip_queue limitation, not a snort-inline limitation. NFQUEUE which will be included in the 2.6.14 kernel will support multiple queue targets, hence you will be able to run multiple instances of snort-inline once we add support for it ;-).

Regards,

Will

On 8/19/05, Sanjai Narain <na...@re...> wrote:
> We have two independently developed snortinline applications that we'd now
> like to run on the same interface. Is this possible via snort
> configuration, or do we have to merge the source code in the preprocessors
> directory and rebuild a single application? I would greatly appreciate any
> assistance.
>
> We tried starting up both snort binaries on the same interface but got an
> error (I believe it was resource busy). However, if we run two copies of
> the non-inline Snort applications on the same interface, there is no error.
>
> Thanks. --
> Sanjai Narain
> Senior Research Scientist
> Telcordia Technologies

From: Sanjai N. <na...@re...> - 2005-08-21 13:07:44

Thanks, Will. I appreciate your informative reply.

-- Sanjai

On Sat, 20 Aug 2005, Will Metcalf wrote:
> This is an ip_queue limitation, not a snort-inline limitation. NFQUEUE
> which will be included in the 2.6.14 kernel will support multiple
> queue targets, hence you will be able to run multiple instances of
> snort-inline once we add support for it ;-).
>
> Regards,
>
> Will
>
> On 8/19/05, Sanjai Narain <na...@re...> wrote:
>> We have two independently developed snortinline applications that we'd now
>> like to run on the same interface. Is this possible via snort
>> configuration, or do we have to merge the source code in the preprocessors
>> directory and rebuild a single application? I would greatly appreciate any
>> assistance.
>>
>> We tried starting up both snort binaries on the same interface but got an
>> error (I believe it was resource busy). However, if we run two copies of
>> the non-inline Snort applications on the same interface, there is no error.
>>
>> Thanks. --
>> Sanjai Narain
>> Senior Research Scientist
>> Telcordia Technologies

From: <ko...@in...> - 2005-08-22 08:47:21

Some time ago I reimplemented snort-inline on Linux so it uses TUN/TAP virtual net interfaces instead of IPQUEUE, so it should be possible to run several instances of snort-inline. Although it can't REJECT yet (workaround on iptables level is possible) and it's almost untested (the development was stopped), it's usable - and is able to solve your problem.

Are you (or anybody else from snort-inline community) interested in the patch/code?

VlK

>> This is an ip_queue limitation, not a snort-inline limitation. NFQUEUE
>> which will be included in the 2.6.14 kernel will support multiple
>> queue targets, hence you will be able to run multiple instances of
>> snort-inline once we add support for it ;-).
>>
>> Regards,
>>
>> Will
>>
>> On 8/19/05, Sanjai Narain <na...@re...> wrote:
>>> We have two independently developed snortinline applications that we'd
>>> now
>>> like to run on the same interface. Is this possible via snort
>>> configuration, or do we have to merge the source code in the
>>> preprocessors
>>> directory and rebuild a single application? I would greatly appreciate
>>> any
>>> assistance.
>>>
>>> We tried starting up both snort binaries on the same interface but got
>>> an
>>> error (I believe it was resource busy). However, if we run two copies
>>> of
>>> the non-inline Snort applications on the same interface, there is no
>>> error.
>>>
>>> Thanks. --
>>> Sanjai Narain
>>> Senior Research Scientist
>>> Telcordia Technologies

From: Nick R. <ni...@ro...> - 2005-08-22 03:49:37

> This is an ip_queue limitation, not a snort-inline limitation. NFQUEUE
> which will be included in the 2.6.14 kernel will support multiple
> queue targets, hence you will be able to run multiple instances of
> snort-inline once we add support for it ;-).
>

If your application is not platform specific, you could accomplish this with snort_inline on FreeBSD (which doesn't have this limitation).

> Regards,
>
> Will
>
> On 8/19/05, Sanjai Narain <na...@re...> wrote:
>> We have two independently developed snortinline applications that we'd
>> now
>> like to run on the same interface. Is this possible via snort
>> configuration, or do we have to merge the source code in the
>> preprocessors
>> directory and rebuild a single application? I would greatly appreciate
>> any
>> assistance.
>>
>> We tried starting up both snort binaries on the same interface but got
>> an
>> error (I believe it was resource busy). However, if we run two copies
>> of
>> the non-inline Snort applications on the same interface, there is no
>> error.
>>
>> Thanks. --
>> Sanjai Narain
>> Senior Research Scientist
>> Telcordia Technologies

Nick Rogness <ni...@ro...>

From: Sanjai N. <na...@re...> - 2005-08-22 03:53:09

Nick:

Thanks for pointing this out. We are running on Linux only, but your point is quite interesting.

Regards. -- Sanjai

On Sun, 21 Aug 2005, Nick Rogness wrote:
>> This is an ip_queue limitation, not a snort-inline limitation. NFQUEUE
>> which will be included in the 2.6.14 kernel will support multiple
>> queue targets, hence you will be able to run multiple instances of
>> snort-inline once we add support for it ;-).
>>
>
> If your application is not platform specific, you could accomplish this
> with snort_inline on FreeBSD (which doesn't have this limitation).
>
>> Regards,
>>
>> Will
>>
>> On 8/19/05, Sanjai Narain <na...@re...> wrote:
>>> We have two independently developed snortinline applications that we'd
>>> now
>>> like to run on the same interface. Is this possible via snort
>>> configuration, or do we have to merge the source code in the
>>> preprocessors
>>> directory and rebuild a single application? I would greatly appreciate
>>> any
>>> assistance.
>>>
>>> We tried starting up both snort binaries on the same interface but got
>>> an
>>> error (I believe it was resource busy). However, if we run two copies
>>> of
>>> the non-inline Snort applications on the same interface, there is no
>>> error.
>>>
>>> Thanks. --
>>> Sanjai Narain
>>> Senior Research Scientist
>>> Telcordia Technologies
>
> Nick Rogness <ni...@ro...>