[Snort-users] ERROR: Can't set DAQ BPF filter to 'dna0:dna1' (pfring_daq_set_filter: BPF state machine compilation failed!)!

Avery Rozar

Aug 13, 2013, 3:53:59 PM
Trying to run my new box with a silicom card with DNA license. When I try to start snort, I get the following error. Though, I don't even have BPF set, it's #ed out.

ERROR: Can't set DAQ BPF filter to 'dna0:dna1' (pfring_daq_set_filter: BPF state machine compilation failed!)!

Is this a snort, or DNA config issue?

Thanks in advance!

Russ Combs

Aug 13, 2013, 5:35:18 PM
On Tue, Aug 13, 2013 at 3:53 PM, Avery Rozar <Avery...@i-techsupport.com> wrote:
> Trying to run my new box with a silicom card with DNA license. When I try to start snort, I get the following error. Though, I don't even have BPF set, it's #ed out.
>
> ERROR: Can't set DAQ BPF filter to 'dna0:dna1' (pfring_daq_set_filter: BPF state machine compilation failed!)!
>
> Is this a snort, or DNA config issue?

Most likely the issue is that -i is missing from the command line.  Snort permutes the args and anything unrecognized is passed to the DAQ to be used as a BPF.
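
A minimal model of the argument handling described in the reply above, added here as an illustration and not taken from the thread or from Snort's source. Python's `getopt.gnu_getopt` stands in for a permuting option parser, the option table covers only the flags that appear in this thread, and `BROKEN` is a constructed command line (the failing one was never posted).

```python
import getopt
import shlex

# Assumption: only the Snort options that appear in this thread.
SHORT_OPTS = "c:A:i:Q"
LONG_OPTS = ["daq-dir=", "daq=", "daq-var=", "daq-mode="]

# Constructed sample: the interface pair is present but -i is missing.
BROKEN = ("snort -c /etc/snort/snort.conf -A console dna0:dna1 "
          "--daq-dir /usr/local/lib/daq --daq pfring --daq-mode inline -Q")
# The command line posted later in the thread, with -i in place.
FIXED = ("snort -c /etc/snort/snort.conf -A console -i dna0:dna1 "
         "--daq-dir /usr/local/lib/daq --daq pfring "
         "--daq-var clusterid=10 --daq-mode inline -Q")


def split_snort_args(command_line):
    """Return (options, bpf) the way a permuting getopt parse would."""
    argv = shlex.split(command_line)
    if argv and argv[0].endswith("snort"):
        argv = argv[1:]
    # gnu_getopt permutes: non-option words may sit anywhere, and all
    # of them are returned together once the options are consumed.
    opts, leftover = getopt.gnu_getopt(argv, SHORT_OPTS, LONG_OPTS)
    return opts, " ".join(leftover)


def preflight(command_line):
    """List problems worth fixing before starting the sensor."""
    try:
        opts, bpf = split_snort_args(command_line)
    except getopt.GetoptError as exc:
        return [f"unparsed option: {exc}"]
    findings = []
    if "-i" not in [name for name, _ in opts]:
        findings.append("no -i given: no interface was selected")
    if bpf:
        findings.append(f"leftover words become the BPF filter: {bpf!r}")
    return findings


if __name__ == "__main__":
    for label, cmd in (("broken", BROKEN), ("fixed", FIXED)):
        print(label, preflight(cmd) or "ok")
```

Running a startup script's generated command line through a check like this shows which words would reach the DAQ as a filter expression before the sensor is started.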

waldo kitty

Aug 13, 2013, 7:05:41 PM
On 8/13/2013 15:53, Avery Rozar wrote:
> Trying to run my new box with a silicom card with DNA license. When I try to start snort, I get the following error. Though, I don't even have BPF set, it's #ed out.
>
> ERROR: Can't set DAQ BPF filter to 'dna0:dna1' (pfring_daq_set_filter: BPF state machine compilation failed!)!
>
> Is this a snort, or DNA config issue?

what is your exact command line to start snort... if you use a script, what does
that script generate for the actual command line to start snort?

--
NOTE: No off-list assistance is given without prior approval.
Please keep mailing list traffic on the list unless
private contact is specifically requested and granted.

Avery Rozar

Aug 14, 2013, 8:35:59 AM
I was missing the -I, thanks Russ.

snort -c /etc/snort/snort.conf -A console -i dna0:dna1 --daq-dir /usr/local/lib/daq --daq pfring --daq-var clusterid=10 --daq-mode inline -Q


Now I'm getting a clusterid error.

pfring DAQ configured to inline.
dna0 <-> dna1
ERROR: Can't initialize DAQ pfring (-1) - pfring_daq_initialize: not enough cluster ids (1)


Looking through the users guide right now.

Y M

Aug 14, 2013, 10:16:28 AM
How many snort processes are you running?

Avery Rozar

Aug 14, 2013, 11:05:57 AM
This is just my first one.