Provide the directory where snort will initially look for DAQ modules.

This patch has not been sent upstream, because the Solaris integration
of libdaq is different from the way that Linux systems do this.

On Linux systems, DAQ installs two static libraries:

    /usr/lib/libdaq_static.a
    /usr/lib/libdaq_static_modules.a

When snort is being configured, you see:

    ...
    checking for daq_load_modules in -ldaq_static... yes
    ...

and at link time we see "-ldaq_static ... -ldaq_static_modules ...".

This means that when you start snort running, it knows where to
look for a set of DAQ modules that it loads. This is done with
a call to the DAQ routine daq_load_modules().

On Solaris, we do not provide those two static libraries (or their 64-bit
equivalents). Therefore, by default, a call to daq_load_modules() using
the dynamic libraries doesn't know where to look for any DAQ modules.

Now you can override this by starting snort with:

    $ sudo /usr/bin/snort --daq-dir /usr/lib/64/daq

or

    $ sudo /usr/bin/snort -c /etc/snort.conf

or something similar, but that doesn't allow:

    $ sudo /usr/bin/snort

to work, right out of the box, which is what snort users would expect.

To resolve this, at snort initialization time on Solaris, the code has
been adjusted to specify a single default DAQ module directory:

    /usr/lib/64/daq

|
47 --- snort-2.9.2/src/snort.c.orig 2013-05-15 11:52:06.640833897 -0700 |
|
48 +++ snort-2.9.2/src/snort.c 2013-05-15 11:58:03.040482526 -0700 |
|
49 @@ -3677,6 +3677,9 @@ |
|
50 { |
|
51 SnortConfig *sc = (SnortConfig *)SnortAlloc(sizeof(SnortConfig)); |
|
52 |
|
53 + /* Define where to look for DAQ modules. */ |
|
54 + ConfigDaqDir(sc, "/usr/lib/64/daq"); |
|
55 + |
|
56 sc->pkt_cnt = -1; |
|
57 sc->pkt_snaplen = -1; |
|
58 /*user_id and group_id should be initialized to -1 by default, because |
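Review bot: The added ConfigDaqDir(sc, "/usr/lib/64/daq") call hard-codes the module path as a string literal and is not guarded by any platform or word-size check, so it applies to every build of this source, including a 32-bit one where /usr/lib/64/daq would hold modules of the wrong class. Consider taking the path from a build-time macro (set by configure or the package Makefile) and wrapping the call in a Solaris-specific #ifdef, so the description's "on Solaris" is enforced in code rather than by convention. The call also ignores whatever ConfigDaqDir reports on failure; if it can fail, that should be checked here, since a silently missing default brings back the "no DAQ modules found" behaviour this patch is meant to remove. Finally, because snort loads shared objects from this directory and the examples in the description all run it under sudo, the packaging should guarantee that /usr/lib/64/daq is root-owned and not writable by group or other; a short comment next to the call stating that expectation would help future maintainers.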