3. Snort crashes occasionally on ioctl error

Snort crashes occasionally on ioctl error

  • F

    Recent Snort versions (up to package v.2.2.3) crash with the following system log message, when blocking is enabled:

    snort[60245]: FATAL ERROR: s2c_pf_block() => ioctl() DIOCRADDADDRS: Inappropriate ioctl for device

    I am pretty sure that this error did not occcur with packages based on snort vs. 2.9.0.

    In this case the error occured when only the snort p2p rules were enabled, but I've seen this also with emerging threats rules.

    0
  • F

    The snort interface also went down when using the emerging threats p2p rules, only. It seemed that there was a larger time delay between blocking the offender and the crash of the interface. I'll keep at it.

    0
  • F

    I went back to enable the snort p2p rules and deactivated the ET rules. This time the interface did not crash when running a p2p client, but as already described somewhere else, there were bogus alert messages like

    (http_inspect) HTTP RESPONSE GZIP DECOMPRESSION FAILED - Unknown Traffic
    (http_inspect) SIMPLE REQUEST - Unknown Traffic

    for both interfaces I installed (WAN and LAN side).

    Things are working in a way but something seems to be scrambled.

    0
Locked
 

Products

Applications

Support

Services

News

Resources

Company

Our Mission

As host of the pfSense open source firewall project, Netgate believes in enhancing network connectivity that maintains both security and privacy. We also believe everyone should be able to afford it.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2018 Rubicon Communications, LLC | Privacy Policy