Netgate Discussion Forum

    Snort crashes occasionally on ioctl error

    pfSense Packages
    • Fesoj

      Recent Snort versions (up to package v.2.2.3) crash with the following system log message, when blocking is enabled:

      snort[60245]: FATAL ERROR: s2c_pf_block() => ioctl() DIOCRADDADDRS: Inappropriate ioctl for device

      I am pretty sure that this error did not occur with packages based on snort vs. 2.9.0.

      In this case the error occurred when only the snort p2p rules were enabled, but I've seen this also with emerging threats rules.

      • Fesoj

        The snort interface also went down when using the emerging threats p2p rules, only. It seemed that there was a larger time delay between blocking the offender and the crash of the interface. I'll keep at it.

        • Fesoj

          I went back to enable the snort p2p rules and deactivated the ET rules. This time the interface did not crash when running a p2p client, but as already described somewhere else, there were bogus alert messages like

          (http_inspect) HTTP RESPONSE GZIP DECOMPRESSION FAILED - Unknown Traffic
          (http_inspect) SIMPLE REQUEST - Unknown Traffic

          for both interfaces I installed (WAN and LAN side).

          Things are working in a way but something seems to be scrambled.

          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.