[prev in list] [next in list] [prev in thread] [next in thread]
List: snort-users
Subject: Re: [Snort-users] =?utf-8?q?help_about_cpu_usage//Re=3ARe=3A__Help_p?=
From: "Michael Altizer \(mialtize\) via Snort-users" <snort-users () lists ! snort ! org>
Date: 2019-11-13 5:34:44
Message-ID: ffb8f4e8-e9f8-b63b-c998-b8b97e352191 () cisco ! com
[Download RAW message or body]
[Attachment #2 (text/plain)]
Did you build with --enable-shell? I tried to reproduce what you're seeing, but the \
excessive CPU utilization I saw I ended up tracking down to a bug in the recent \
changes to the Snort shell servicing code (nothing to do with the NFQ DAQ module).
On 11/11/19 4:44 AM, sofardware wrote:
Hi Michael ,
I found that, the snort3_build261 with libdaq of nfq result cpu usage of %8 \
-30%, while the snort3_build248 with daq2.2 of nfq result cpu usage of only 1%, \
when threre is no user data go across the snort. Why ? and how to reduce it ?
At 2019-10-11 10:40:05, "Michael Altizer (mialtize)" \
<mialtize@cisco.com><mailto:mialtize@cisco.com> wrote: If I had to guess, I'd say \
that nl_socket_recv() probably properly set EINTR while I was originally developing \
it and something has changed. Anyway, having the check in the main loop is \
appropriate and matches the behavior of the other DAQ modules. I've added it now; \
please try with the latest master branch from libdaq. Thanks for reporting.
On 10/10/19 5:34 AM, sofardware via Snort-users wrote:
Hi,
After my debuging , I found a direct but not basic reason:
In the function nfq_daq_msg_receive in libdaq-master\modules\nfq\daq_nfq.c, \
the interrupt processing need nl_socket_recv() return EINTR. But there was no \
EINTR returned when reload interrupt happen.
But in pacap_daq_msg_receive and afpacket_daq_msg_receive, the interrupt \
processing is putted in while() directly.
Now I add the interrupt processing in while() directly like that in \
pcap_daq_msg_receive,then reload_config command works successfully. But can you \
tell me if the above way for resolving the problem can lead to other problems??? \
and secondly<https://www.baidu.com/link?url=DLH1s96E9ae2ibiWplYpGeimSy4Mjky2eBhUOAX-jf \
uMSJnKHOIj9pjUFrBWT5lZ__tCmlxuKMrYrQq6sTaMxSdINktZq_9a_s91SpmXV2O&wd=&eqid=f75c30f7000f550c000000025d9ef3f0>, \
why the original processing need nl_socket_recv() return EINTR,and why it can not \
come out in fact??
=================
static unsigned nfq_daq_msg_receive(void *handle, const unsigned max_recv, const \
DAQ_Msg_t *msgs[], DAQ_RecvStatus *rstat) {
Nfq_Context_t *nfqc = (Nfq_Context_t *) handle;
unsigned idx = 0;
*rstat = DAQ_RSTAT_OK;
while (idx < max_recv)
{
/* Make sure that we have a packet descriptor available to populate. */
NfqPktDesc *desc = nfqc->pool.freelist;
if (!desc)
{
*rstat = DAQ_RSTAT_NOBUF;
break;
}
/* added by me for reload fail*/
if (nfqc->interrupted)
{
nfqc->interrupted = false;
*rstat = DAQ_RSTAT_INTERRUPTED;
break;
}
/* added by me for reload fail*/
ssize_t ret = nl_socket_recv(nfqc, desc->nlmsg_buf, nfqc->nlmsg_bufsize, idx \
== 0); if (ret < 0)
{
if (errno == ENOBUFS)
{
nfqc->stats.hw_packets_dropped++;
continue;
}
else if (errno == EAGAIN || errno == EWOULDBLOCK)
*rstat = (idx == 0) ? DAQ_RSTAT_TIMEOUT : DAQ_RSTAT_WOULD_BLOCK;
else if (errno == EINTR) // the original processing
{
if (!nfqc->interrupted)
continue;
nfqc->interrupted = false;
*rstat = DAQ_RSTAT_INTERRUPTED;
}
======================================================================================================================================================
static unsigned nfq_daq_msg_receive(void *handle, const unsigned max_recv, const \
DAQ_Msg_t *msgs[], DAQ_RecvStatus *rstat) {
Nfq_Context_t *nfqc = (Nfq_Context_t *) handle;
unsigned idx = 0;
*rstat = DAQ_RSTAT_OK;
while (idx < max_recv)
{
/* Make sure that we have a packet descriptor available to populate. */
NfqPktDesc *desc = nfqc->pool.freelist;
if (!desc)
{
*rstat = DAQ_RSTAT_NOBUF;
break;
}
ssize_t ret = nl_socket_recv(nfqc, desc->nlmsg_buf, nfqc->nlmsg_bufsize, idx \
== 0); if (ret < 0)
{
if (errno == ENOBUFS)
{
nfqc->stats.hw_packets_dropped++;
continue;
}
else if (errno == EAGAIN || errno == EWOULDBLOCK)
*rstat = (idx == 0) ? DAQ_RSTAT_TIMEOUT : DAQ_RSTAT_WOULD_BLOCK;
else if (errno == EINTR)
{
if (!nfqc->interrupted)
continue;
nfqc->interrupted = false;
*rstat = DAQ_RSTAT_INTERRUPTED;
}
else
{
SET_ERROR(nfqc->modinst, "%s: Socket receive failed: %zd - %s (%d)",
__func__, ret, strerror(errno), errno);
*rstat = DAQ_RSTAT_ERROR;
}
break;
}
errno = 0;
ret = mnl_cb_run(desc->nlmsg_buf, ret, 0, nfqc->portid, process_message_cb, \
desc); if (ret < 0)
{
SET_ERROR(nfqc->modinst, "%s: Netlink message processing failed: %zd - %s \
(%d)", __func__, ret, strerror(errno), errno);
*rstat = DAQ_RSTAT_ERROR;
break;
}
/* Increment the module instance's packet counter. */
nfqc->stats.packets_received++;
/* Last, but not least, extract this descriptor from the free list and
place the message in the return vector. */
nfqc->pool.freelist = desc->next;
desc->next = NULL;
nfqc->pool.info.available--;
msgs[idx] = &desc->msg;
idx++;
}
==========================================================================
static unsigned pcap_daq_msg_receive(void *handle, const unsigned max_recv, const \
DAQ_Msg_t *msgs[], DAQ_RecvStatus *rstat) {
struct pcap_pkthdr *pcaphdr;
Pcap_Context_t *pc = (Pcap_Context_t *) handle;
const u_char *data;
unsigned idx;
*rstat = DAQ_RSTAT_OK;
for (idx = 0; idx < max_recv; idx++)
{
/* Check to see if the receive has been canceled. If so, reset it and return \
appropriately. */ if (pc->interrupted)
{
pc->interrupted = false;
*rstat = DAQ_RSTAT_INTERRUPTED;
break;
}
/* If there is a pending descriptor from the readback timeout feature, check \
if it's ready
to be realized. If it is, finish receiving it and carry on. */
if (pc->pending_desc)
{
struct timeval delta;
timersub(&pc->pending_desc->pkthdr.ts, &pc->last_recv, &delta);
if (timercmp(&delta, &pc->timeout_tv, >))
{
timeradd(&pc->last_recv, &pc->timeout_tv, &pc->last_recv);
*rstat = DAQ_RSTAT_TIMEOUT;
break;
}
pc->last_recv = pc->pending_desc->pkthdr.ts;
pc->pool.info.available--;
msgs[idx] = &pc->pending_desc->msg;
pc->stats.packets_received++;
pc->pending_desc = NULL;
continue;
}
/* Make sure that we have a packet descriptor available to populate *before*
calling into libpcap. */
PcapPktDesc *desc = pc->pool.freelist;
if (!desc)
{
*rstat = DAQ_RSTAT_NOBUF;
break;
}
/* When dealing with a live interface, try to get the first packet in \
non-blocking mode. If there's nothing to receive, switch to blocking mode. */
int pcap_rval;
if (pc->mode != DAQ_MODE_READ_FILE && idx == 0)
{
if (set_nonblocking(pc, true) != DAQ_SUCCESS)
{
*rstat = DAQ_RSTAT_ERROR;
break;
}
pcap_rval = pcap_next_ex(pc->handle, &pcaphdr, &data);
if (pcap_rval == 0)
{
if (set_nonblocking(pc, false) != DAQ_SUCCESS)
{
*rstat = DAQ_RSTAT_ERROR;
break;
}
pcap_rval = pcap_next_ex(pc->handle, &pcaphdr, &data);
}
}
else
pcap_rval = pcap_next_ex(pc->handle, &pcaphdr, &data);
if (pcap_rval <= 0)
{
if (pcap_rval == 0)
*rstat = (idx == 0) ? DAQ_RSTAT_TIMEOUT : DAQ_RSTAT_WOULD_BLOCK;
else if (pcap_rval == -1)
{
SET_ERROR(pc->modinst, "%s", pcap_geterr(pc->handle));
*rstat = DAQ_RSTAT_ERROR;
}
else if (pcap_rval == -2)
{
/* LibPCAP brilliantly decides to return -2 if it hit EOF in readback \
OR pcap_breakloop()
was called. Let's try to differentiate by checking to see if we \
asked for a break. */ if (!pc->interrupted && pc->mode == DAQ_MODE_READ_FILE)
{
/* Insert a final timeout receive status when readback timeout \
mode is enabled. */
if (pc->readback_timeout && !pc->final_readback_timeout)
{
pc->final_readback_timeout = true;
*rstat = DAQ_RSTAT_TIMEOUT;
}
else
*rstat = DAQ_RSTAT_EOF;
}
else
{
pc->interrupted = false;
*rstat = DAQ_RSTAT_INTERRUPTED;
}
}
break;
}
/* Update hw packet counters to make sure we detect counter overflow */
if (++pc->hwupdate_count == DAQ_PCAP_ROLLOVER_LIM)
update_hw_stats(pc);
/* Populate the packet descriptor */
int caplen = (pcaphdr->caplen > pc->snaplen) ? pc->snaplen : pcaphdr->caplen;
memcpy(desc->data, data, caplen);
/* Next, set up the DAQ message. Most fields are prepopulated and \
unchanging. */ DAQ_Msg_t *msg = &desc->msg;
msg->data_len = caplen;
/* Then, set up the DAQ packet header. */
DAQ_PktHdr_t *pkthdr = &desc->pkthdr;
pkthdr->pktlen = pcaphdr->len;
pkthdr->ts.tv_sec = pcaphdr->ts.tv_sec;
pkthdr->ts.tv_usec = pcaphdr->ts.tv_usec;
/* Last, but not least, extract this descriptor from the free list and
place the message in the return vector. */
pc->pool.freelist = desc->next;
desc->next = NULL;
/* If the readback timeout feature is enabled, check to see if the configured \
timeout has
elapsed between the previous packet and this one. If it has, store the \
descriptor for
later without modifying counters and return the timeout receive status. \
*/
if (pc->mode == DAQ_MODE_READ_FILE && pc->readback_timeout && pc->timeout > \
0) {
if (timerisset(&pc->last_recv) && timercmp(&pkthdr->ts, &pc->last_recv, \
>)) {
struct timeval delta;
timersub(&pkthdr->ts, &pc->last_recv, &delta);
if (timercmp(&delta, &pc->timeout_tv, >))
{
pc->pending_desc = desc;
timeradd(&pc->last_recv, &pc->timeout_tv, &pc->last_recv);
*rstat = DAQ_RSTAT_TIMEOUT;
break;
}
}
pc->last_recv = pkthdr->ts;
}
pc->pool.info.available--;
msgs[idx] = &desc->msg;
/* Finally, increment the module instance's packet counter. */
pc->stats.packets_received++;
}
return idx;
}
At 2019-10-10 10:37:54, "Russ Combs (rucombs)" \
<rucombs@cisco.com><mailto:rucombs@cisco.com> wrote: Does Ctrl+C exit normally with \
the NFQ DAQ without reload?
From: sofardware <sofardware@126.com><mailto:sofardware@126.com>
Date: Wednesday, October 9, 2019 at 10:13 PM
To: "Tom Peters (thopeter)" <thopeter@cisco.com><mailto:thopeter@cisco.com>
Cc: "Shravan Rangarajuvenkata (shrarang)" \
<shrarang@cisco.com><mailto:shrarang@cisco.com>, \
"Snort-users@lists.snort.org"<mailto:Snort-users@lists.snort.org> \
<Snort-users@lists.snort.org><mailto:Snort-users@lists.snort.org>, "Russ Combs \
(rucombs)" <rucombs@cisco.com><mailto:rucombs@cisco.com>
Subject: Help please!!! snort_build261 can not reload config successfully with \
daq in nfq
Hi,
I am anxious to resolve this problem. Please give me some help. Thank you \
very much.
I have read README file in snort3 and DAQ, and did not found useful info for \
this problem.
-----------------------
Hi,
I need help for this:
snort_build261 can not reload config successfully with daq in nfq, and also can \
not be exit by pressing keys "Ctrl+C". But it works well with daq of not nfq.
[root@localhost build]# /usr/local/snort261/bin/snort --daq-dir /usr/local/lib/daq/ \
--daq nfq -i 1 -c /usr/local/snort261/etc/snort/snort.lua --shell -j
--------------------------------------------------
o")~ Snort++ 3.0.0-261
--------------------------------------------------
Loading /usr/local/snort261/etc/snort/snort.lua:
Loading snort_defaults.lua:
Finished snort_defaults.lua:
Loading file_magic.lua:
Finished file_magic.lua:
ssh
host_cache
pop
binder
stream_tcp
network
gtp_inspect
packets
dce_http_proxy
stream_icmp
normalizer
ftp_server
stream_udp
search_engine
ips
dce_smb
latency
wizard
appid
file_id
ftp_data
hosts
smtp
port_scan
dce_http_server
modbus
dce_tcp
telnet
host_tracker
ssl
sip
rpc_decode
http2_inspect
http_inspect
back_orifice
stream_user
stream_ip
classifications
dnp3
active
ftp_client
daq
decode
alerts
stream
references
arp_spoof
output
dns
dce_udp
imap
process
stream_file
Finished /usr/local/snort261/etc/snort/snort.lua:
--------------------------------------------------
/usr/local/lib/daq//daq_afpacket.so: Module API version (0x10007) differs from \
expected version (0x30001)
/usr/local/lib/daq//daq_afpacket.so: Failed to register DAQ module.
/usr/local/lib/daq//daq_ipfw.so: Module API version (0x10007) differs from expected \
version (0x30001)
/usr/local/lib/daq//daq_ipfw.so: Failed to register DAQ module.
nfq DAQ configured to passive.
Commencing packet processing
Entering command shell
o")~
++ [0] 1
reload_config('/usr/local/snort261/etc/snort/snort.lua')
.. reloading configuration
Loading /usr/local/snort261/etc/snort/snort.lua:
Loading snort_defaults.lua:
Finished snort_defaults.lua:
Loading file_magic.lua:
Finished file_magic.lua:
ssh
host_cache
pop
binder
stream_tcp
network
gtp_inspect
packets
dce_http_proxy
stream_icmp
normalizer
ftp_server
stream_udp
search_engine
ips
dce_smb
latency
wizard
appid
file_id
ftp_data
hosts
smtp
port_scan
dce_http_server
modbus
dce_tcp
telnet
host_tracker
ssl
sip
rpc_decode
http2_inspect
http_inspect
back_orifice
stream_user
stream_ip
classifications
dnp3
active
ftp_client
daq
decode
alerts
stream
references
arp_spoof
output
dns
dce_udp
imap
process
stream_file
Finished /usr/local/snort261/etc/snort/snort.lua:
0 hosts loaded
reload_config('/usr/local/snort261/etc/snort/snort.lua')
== reload pending; retry
^C** caught int signal
== stopping
^C** caught int signal
== stopping
^C** caught int signal
== stopping
^C** caught int signal
== stopping
==============================================================================no \
nfq================ [root@localhost build]# /usr/local/snort261/bin/snort --daq-dir \
/usr/local/lib/daq/ -i eth0 -c \
/usr/local/snort261/etc/snort/snort.lua --shell -j
--------------------------------------------------
o")~ Snort++ 3.0.0-261
--------------------------------------------------
Loading /usr/local/snort261/etc/snort/snort.lua:
Loading snort_defaults.lua:
Finished snort_defaults.lua:
Loading file_magic.lua:
Finished file_magic.lua:
ssh
host_cache
pop
binder
stream_tcp
network
gtp_inspect
packets
dce_http_proxy
stream_icmp
normalizer
ftp_server
stream_udp
search_engine
ips
dce_smb
latency
wizard
appid
file_id
ftp_data
hosts
smtp
port_scan
dce_http_server
modbus
dce_tcp
telnet
host_tracker
ssl
sip
rpc_decode
http2_inspect
http_inspect
back_orifice
stream_user
stream_ip
classifications
dnp3
active
ftp_client
daq
decode
alerts
stream
references
arp_spoof
output
dns
dce_udp
imap
process
stream_file
Finished /usr/local/snort261/etc/snort/snort.lua:
--------------------------------------------------
/usr/local/lib/daq//daq_afpacket.so: Module API version (0x10007) differs from \
expected version (0x30001)
/usr/local/lib/daq//daq_afpacket.so: Failed to register DAQ module.
/usr/local/lib/daq//daq_ipfw.so: Module API version (0x10007) differs from expected \
version (0x30001)
/usr/local/lib/daq//daq_ipfw.so: Failed to register DAQ module.
pcap DAQ configured to passive.
Commencing packet processing
Entering command shell
o")~
++ [0] eth0
reload_config('/usr/local/snort261/etc/snort/snort.lua')
.. reloading configuration
Loading /usr/local/snort261/etc/snort/snort.lua:
Loading snort_defaults.lua:
Finished snort_defaults.lua:
Loading file_magic.lua:
Finished file_magic.lua:
ssh
host_cache
pop
binder
stream_tcp
network
gtp_inspect
packets
dce_http_proxy
stream_icmp
normalizer
ftp_server
stream_udp
search_engine
ips
dce_smb
latency
wizard
appid
file_id
ftp_data
hosts
smtp
port_scan
dce_http_server
modbus
dce_tcp
telnet
host_tracker
ssl
sip
rpc_decode
http2_inspect
http_inspect
back_orifice
stream_user
stream_ip
classifications
dnp3
active
ftp_client
daq
decode
alerts
stream
references
arp_spoof
output
dns
dce_udp
imap
process
stream_file
Finished /usr/local/snort261/etc/snort/snort.lua:
0 hosts loaded
.. swapping configuration
== reload complete
o")~
_______________________________________________
Snort-users mailing list
Snort-users@lists.snort.org<mailto:Snort-users@lists.snort.org>
Go to this URL to change user options or unsubscribe:
https://lists.snort.org/mailman/listinfo/snort-users
To unsubscribe, send an email to:
snort-users-leave@lists.snort.org<mailto:snort-users-leave@lists.snort.org>
Please visit http://blog.snort.org to stay current on all the latest Snort news!
Please follow these rules: https://snort.org/faq/what-is-the-mailing-list-etiquette
[Attachment #3 (text/html)]
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
</head>
<body>
<div class="moz-cite-prefix">Did you build with --enable-shell? I tried to \
reproduce what you're seeing, but the excessive CPU utilization I saw I ended up \
tracking down to a bug in the recent changes to the Snort shell servicing code \
(nothing to do with the NFQ DAQ module).<br>
</div>
<div class="moz-cite-prefix"><br>
</div>
<div class="moz-cite-prefix">On 11/11/19 4:44 AM, sofardware wrote:<br>
</div>
<blockquote type="cite" \
cite="mid:76eb685e.7fdb.16e59d984a2.Coremail.sofardware@126.com"> <div \
style="line-height:1.7;color:#000000;font-size:14px;font-family:Arial"> <div \
style="line-height:1.7;color:#000000;font-size:14px;font-family:Arial"> \
<div>Hi <span style="display: inline !important; float: none; background-color: \
rgb(255, 255, 255); color: rgb(0, 0, 0); font-family: Arial; font-size: 14px; \
font-style: normal; font-variant: normal; font-weight: 400; letter-spacing:
normal; line-height: 23.8px; orphans: 2; text-align: left;
text-decoration: none; text-indent: 0px; text-transform:
none; -webkit-text-stroke-width: 0px; white-space: normal;
word-spacing: 0px;">Michael
,</span></div>
<div> I found that, the snort3_build261 with libdaq of nfq result \
cpu usage of %8 -30%, while the snort3_build248 with daq2.2 of nfq result cpu \
usage of only 1%, when threre is no user data go across the snort.</div> \
<div> Why ? and how to reduce it ?<br> <br>
<br>
<br>
<br>
</div>
<br>
At 2019-10-11 10:40:05, "Michael Altizer (mialtize)" <a \
class="moz-txt-link-rfc2396E" href="mailto:mialtize@cisco.com"> \
<mialtize@cisco.com></a> wrote:<br> <blockquote id="isReplyContent" \
style="PADDING-LEFT: 1ex; MARGIN: 0px 0px 0px 0.8ex; BORDER-LEFT: #ccc 1px solid">
<div class="moz-cite-prefix">If I had to guess, I'd say that nl_socket_recv() \
probably properly set EINTR while I was originally developing it and something has \
changed. Anyway, having the check in the main loop is appropriate and matches \
the behavior of the other DAQ modules. I've added it now; please try with the \
latest master branch from libdaq. Thanks for reporting.<br> </div>
<div class="moz-cite-prefix"><br>
</div>
<div class="moz-cite-prefix">On 10/10/19 5:34 AM, sofardware via Snort-users \
wrote:<br> </div>
<blockquote cite="mid:4da4c29a.1020f.16db505028c.Coremail.sofardware@126.com" \
type="cite"> <div style="line-height:1.7;color:#000000;font-size:14px;font-family:Arial">
<div>Hi,</div>
<div> After my debuging , I found a direct but not basic \
reason:</div> <div> In the function <span style="display: \
inline
!important; float: none; background-color:
transparent; color: rgb(0, 0, 0); font-family:
Arial; font-size: 14px; font-style: normal;
font-variant: normal; font-weight: 400;
letter-spacing: normal; line-height: 23.8px;
orphans: 2; text-align: left; text-decoration: none;
text-indent: 0px; text-transform: none;
-webkit-text-stroke-width: 0px; white-space: normal;
word-spacing: 0px;">
nfq_daq_msg_receive in </span> libdaq-master\modules\nfq\daq_nfq.c, the \
interrupt processing need <span style="display: inline
!important; float: none; background-color:
transparent; color: rgb(0, 0, 0); font-family:
Arial; font-size: 14px; font-style: normal;
font-variant: normal; font-weight: 400;
letter-spacing: normal; line-height: 23.8px;
orphans: 2; text-align: left; text-decoration: none;
text-indent: 0px; text-transform: none;
-webkit-text-stroke-width: 0px; white-space: normal;
word-spacing: 0px;">
nl_socket_recv() return</span><span style="font: 400 14px/23.8px Arial; text-align:
left; color: rgb(255, 0, 0); text-transform: none;
text-indent: 0px; letter-spacing: normal;
text-decoration: none; word-spacing: 0px; display:
inline !important; white-space: normal; orphans: 2;
font-size-adjust: none; font-stretch: normal; float:
none; -webkit-text-stroke-width: 0px;
background-color: transparent;"> EINTR</span><span \
style="font: 400 14px/23.8px Arial; text-align: left; color: rgb(0, 0, 0); \
text-transform: none; text-indent: 0px; letter-spacing: normal;
text-decoration: none; word-spacing: 0px; display:
inline !important; white-space: normal; orphans: 2;
font-size-adjust: none; font-stretch: normal; float:
none; -webkit-text-stroke-width: 0px;
background-color: transparent;">.
But there was no EINTR returned when reload interrupt happen.</span></div>
<div><span style="font: 400 14px/23.8px Arial;
text-align: left; color: rgb(0, 0, 0);
text-transform: none; text-indent: 0px;
letter-spacing: normal; text-decoration: none;
word-spacing: 0px; display: inline !important;
white-space: normal; orphans: 2; font-size-adjust:
none; font-stretch: normal; float: none;
-webkit-text-stroke-width: 0px; background-color:
transparent;">
But in pacap<span style="display: inline !important; float: none;
background-color: transparent; color: rgb(0, 0,
0); font-family: Arial; font-size: 14px;
font-style: normal; font-variant: normal;
font-weight: 400; letter-spacing: normal;
line-height: 23.8px; orphans: 2; text-align: left;
text-decoration: none; text-indent: 0px;
text-transform: none; -webkit-text-stroke-width:
0px; white-space: normal; word-spacing: 0px;">_daq_msg_receive
and afpacket<span style="display: inline
!important; float: none; background-color:
transparent; color: rgb(0, 0, 0); font-family:
Arial; font-size: 14px; font-style: normal;
font-variant: normal; font-weight: 400;
letter-spacing: normal; line-height: 23.8px;
orphans: 2; text-align: left; text-decoration:
none; text-indent: 0px; text-transform: none;
-webkit-text-stroke-width: 0px; white-space:
normal; word-spacing: 0px;">_daq_msg_receive, <span \
style="display: inline !important; float: none; background-color: transparent; \
color: rgb(0, 0, 0); font-family: Arial; font-size:
14px; font-style: normal; font-variant:
normal; font-weight: 400; letter-spacing:
normal; line-height: 23.8px; orphans: 2;
text-align: left; text-decoration: none;
text-indent: 0px; text-transform: none;
-webkit-text-stroke-width: 0px; white-space:
normal; word-spacing: 0px;">
the interrupt processing is putted in while() \
directly.</span></span></span></span></div> <div><span style="font: 400 14px/23.8px \
Arial; text-align: left; color: rgb(0, 0, 0);
text-transform: none; text-indent: 0px;
letter-spacing: normal; text-decoration: none;
word-spacing: 0px; display: inline !important;
white-space: normal; orphans: 2; font-size-adjust:
none; font-stretch: normal; float: none;
-webkit-text-stroke-width: 0px; background-color:
transparent;"><span style="display: inline
!important; float: none; background-color:
transparent; color: rgb(0, 0, 0); font-family:
Arial; font-size: 14px; font-style: normal;
font-variant: normal; font-weight: 400;
letter-spacing: normal; line-height: 23.8px;
orphans: 2; text-align: left; text-decoration:
none; text-indent: 0px; text-transform: none;
-webkit-text-stroke-width: 0px; white-space:
normal; word-spacing: 0px;"><span style="display:
inline !important; float: none;
background-color: transparent; color: rgb(0, 0,
0); font-family: Arial; font-size: 14px;
font-style: normal; font-variant: normal;
font-weight: 400; letter-spacing: normal;
line-height: 23.8px; orphans: 2; text-align:
left; text-decoration: none; text-indent: 0px;
text-transform: none; -webkit-text-stroke-width:
0px; white-space: normal; word-spacing: 0px;"><span \
style="display: inline !important; float: none; background-color: transparent; \
color: rgb(0, 0, 0); font-family: Arial; font-size:
14px; font-style: normal; font-variant:
normal; font-weight: 400; letter-spacing:
normal; line-height: 23.8px; orphans: 2;
text-align: left; text-decoration: none;
text-indent: 0px; text-transform: none;
-webkit-text-stroke-width: 0px; white-space:
normal; word-spacing: 0px;"><br>
</span></span></span></span></div>
<div><span style="font: 400 14px/23.8px Arial;
text-align: left; color: rgb(0, 0, 0);
text-transform: none; text-indent: 0px;
letter-spacing: normal; text-decoration: none;
word-spacing: 0px; display: inline !important;
white-space: normal; orphans: 2; font-size-adjust:
none; font-stretch: normal; float: none;
-webkit-text-stroke-width: 0px; background-color:
transparent;"><span style="display: inline
!important; float: none; background-color:
transparent; color: rgb(0, 0, 0); font-family:
Arial; font-size: 14px; font-style: normal;
font-variant: normal; font-weight: 400;
letter-spacing: normal; line-height: 23.8px;
orphans: 2; text-align: left; text-decoration:
none; text-indent: 0px; text-transform: none;
-webkit-text-stroke-width: 0px; white-space:
normal; word-spacing: 0px;"><span style="display:
inline !important; float: none;
background-color: transparent; color: rgb(0, 0,
0); font-family: Arial; font-size: 14px;
font-style: normal; font-variant: normal;
font-weight: 400; letter-spacing: normal;
line-height: 23.8px; orphans: 2; text-align:
left; text-decoration: none; text-indent: 0px;
text-transform: none; -webkit-text-stroke-width:
0px; white-space: normal; word-spacing: 0px;"><span \
style="display: inline !important; float: none; background-color: transparent; \
color: rgb(0, 0, 0); font-family: Arial; font-size:
14px; font-style: normal; font-variant:
normal; font-weight: 400; letter-spacing:
normal; line-height: 23.8px; orphans: 2;
text-align: left; text-decoration: none;
text-indent: 0px; text-transform: none;
-webkit-text-stroke-width: 0px; white-space:
normal; word-spacing: 0px;">
Now I add <span style="background-color: transparent;
color: rgb(0, 0, 0); display: inline; float:
none; font-family: Arial; font-size: 14px;
font-size-adjust: none; font-stretch: 100%;
font-style: normal; font-variant: normal;
font-weight: 400; letter-spacing: normal;
line-height: 23.8px; orphans: 2; text-align:
left; text-decoration: none; text-indent:
0px; text-transform: none;
-webkit-text-stroke-width: 0px; white-space:
normal; word-spacing: 0px;">
<span style="background-color: transparent;
color: rgb(0, 0, 0); display: inline;
float: none; font-family: Arial;
font-size: 14px; font-style: normal;
font-variant: normal; font-weight: 400;
letter-spacing: normal; line-height:
23.8px; orphans: 2; text-align: left;
text-decoration: none; text-indent: 0px;
text-transform: none;
-webkit-text-stroke-width: 0px;
white-space: normal; word-spacing: 0px;"><span \
style="background-color: transparent; color: rgb(0, 0, 0); display: inline;
float: none; font-family: Arial;
font-size: 14px; font-style: normal;
font-variant: normal; font-weight: 400;
letter-spacing: normal; line-height:
23.8px; orphans: 2; text-align: left;
text-decoration: none; text-indent: 0px;
text-transform: none;
-webkit-text-stroke-width: 0px;
white-space: normal; word-spacing: 0px;"><span \
style="background-color: transparent; color: rgb(0, 0, 0); display: inline;
float: none; font-family: Arial;
font-size: 14px; font-style: normal;
font-variant: normal; font-weight:
400; letter-spacing: normal;
line-height: 23.8px; orphans: 2;
text-align: left; text-decoration:
none; text-indent: 0px;
text-transform: none;
-webkit-text-stroke-width: 0px;
white-space: normal; word-spacing:
0px;">the
interrupt processing in while() directly like that in p<span style="display: \
inline !important; float: none; background-color:
transparent; color: rgb(0, 0, 0);
font-family: Arial; font-size: 14px;
font-size-adjust: none;
font-stretch: 100%; font-style:
normal; font-variant: normal;
font-weight: 400; letter-spacing:
normal; line-height: 23.8px;
orphans: 2; text-align: left;
text-decoration: none; text-indent:
0px; text-transform: none;
-webkit-text-stroke-width: 0px;
white-space: normal; word-spacing:
0px;">cap</span><span style="background-color:
transparent; color: rgb(0, 0, 0);
display: inline; float: none;
font-family: Arial; font-size: 14px;
font-style: normal; font-variant:
normal; font-weight: 400;
letter-spacing: normal; line-height:
23.8px; orphans: 2; text-align:
left; text-decoration: none;
text-indent: 0px; text-transform:
none; -webkit-text-stroke-width:
0px; white-space: normal;
word-spacing: 0px;">_daq_msg_receive,then
reload_config command works \
successfully.</span></span></span></span></span></span></span></span></span></div> \
<div><span style="font: 400 14px/23.8px Arial; text-align: left; color: rgb(0, 0, \
0); text-transform: none; text-indent: 0px;
letter-spacing: normal; text-decoration: none;
word-spacing: 0px; display: inline !important;
white-space: normal; orphans: 2; font-size-adjust:
none; font-stretch: normal; float: none;
-webkit-text-stroke-width: 0px; background-color:
transparent;">
</span><span style="font: 400
14px/23.8px Arial; text-align: left; color: rgb(255,
0, 0); text-transform: none; text-indent: 0px;
letter-spacing: normal; text-decoration: none;
word-spacing: 0px; display: inline !important;
white-space: normal; orphans: 2; font-size-adjust:
none; font-stretch: normal; float: none;
-webkit-text-stroke-width: 0px; background-color:
transparent;">But
can you tell me if the above way for resolving the problem \
can lead to other problems???</span><span style="font: 400 14px/23.8px Arial; \
text-align: left; color: rgb(0, 0, 0); text-transform: none; text-indent: 0px;
letter-spacing: normal; text-decoration: none;
word-spacing: 0px; display: inline !important;
white-space: normal; orphans: 2; font-size-adjust:
none; font-stretch: normal; float: none;
-webkit-text-stroke-width: 0px; background-color:
transparent;"><span style="font: 400 14px/23.8px
Arial; text-align: left; color: rgb(0, 0, 0);
text-transform: none; text-indent: 0px;
letter-spacing: normal; text-decoration: none;
word-spacing: 0px; display: inline; white-space:
normal; orphans: 2; font-size-adjust: none;
font-stretch: normal; float: none;
-webkit-text-stroke-width: 0px; background-color:
transparent;">
and <a style="background-color:
transparent; color: rgb(51, 51, 51);
font-family: arial; font-size: 13px; font-style:
normal; font-variant: normal; font-weight: 400;
letter-spacing: normal; orphans: 2; text-align:
left; text-decoration: underline; text-indent:
0px; text-transform: none;
-webkit-text-stroke-width: 0px; white-space:
normal; word-spacing: 0px;" hidefocus="true" \
href="https://www.baidu.com/link?url=DLH1s96E9ae2ibiWplYpGeimSy4Mjky2eBhUOAX-jfuMSJnKH \
OIj9pjUFrBWT5lZ__tCmlxuKMrYrQq6sTaMxSdINktZq_9a_s91SpmXV2O&wd=&eqid=f75c30f7000f550c000000025d9ef3f0" \
target="_blank" moz-do-not-send="true">secondly</a>, <span style="display: \
inline !important; float: none; background-color: transparent; color: rgb(0, 0,
0); font-family: Arial; font-size: 14px;
font-style: normal; font-variant: normal;
font-weight: 400; letter-spacing: normal;
line-height: 23.8px; orphans: 2; text-align:
left; text-decoration: none; text-indent: 0px;
text-transform: none; -webkit-text-stroke-width:
0px; white-space: normal; word-spacing: 0px;">
why the original processing need </span><span style="background-color: \
transparent; color: rgb(0, 0, 0); display: inline; float: none;
font-family: Arial; font-size: 14px; font-style:
normal; font-variant: normal; font-weight: 400;
letter-spacing: normal; line-height: 23.8px;
orphans: 2; text-align: left; text-decoration:
none; text-indent: 0px; text-transform: none;
-webkit-text-stroke-width: 0px; white-space:
normal; word-spacing: 0px;">
nl_socket_recv() return</span><span style="background-color:
transparent; color: rgb(255, 0, 0); display:
inline; float: none; font-family: Arial;
font-size: 14px; font-size-adjust: none;
font-stretch: 100%; font-style: normal;
font-variant: normal; font-weight: 400;
letter-spacing: normal; line-height: 23.8px;
orphans: 2; text-align: left; text-decoration:
none; text-indent: 0px; text-transform: none;
-webkit-text-stroke-width: 0px; white-space:
normal; word-spacing: 0px;"> EINTR</span>,and
why it can not come out in fact??<br>
</span>
<div style="background-color: transparent; color:
rgb(0, 0, 0); font-family: Arial; font-size: 14px;
font-style: normal; font-variant: normal;
font-weight: 400; letter-spacing: normal;
line-height: 23.8px; margin-bottom: 0px;
margin-left: 0px; margin-right: 0px; margin-top:
0px; orphans: 2; overflow: visible;
padding-bottom: 0px; padding-left: 0px;
padding-right: 0px; padding-top: 0px; text-align:
left; text-decoration: none; text-indent: 0px;
text-transform: none; -webkit-text-stroke-width:
0px; white-space: normal; word-spacing: 0px;">
<span style="font: 400 14px/23.8px Arial;
text-align: left; color: rgb(0, 0, 0);
text-transform: none; text-indent: 0px;
letter-spacing: normal; text-decoration: none;
word-spacing: 0px; display: inline; white-space:
normal; orphans: 2; font-size-adjust: none;
font-stretch: normal; float: none;
-webkit-text-stroke-width: 0px;
background-color: transparent;"></span></div>
</span></div>
<div><span style="font: 400 14px/23.8px Arial;
text-align: left; color: rgb(0, 0, 0);
text-transform: none; text-indent: 0px;
letter-spacing: normal; text-decoration: none;
word-spacing: 0px; display: inline !important;
white-space: normal; orphans: 2; font-size-adjust:
none; font-stretch: normal; float: none;
-webkit-text-stroke-width: 0px; background-color:
transparent;">
</span></div>
<div><span style="display: inline !important; float:
none; background-color: transparent; color: rgb(0,
0, 0); font-family: Arial; font-size: 14px;
font-style: normal; font-variant: normal;
font-weight: 400; letter-spacing: normal;
line-height: 23.8px; orphans: 2; text-align: left;
text-decoration: none; text-indent: 0px;
text-transform: none; -webkit-text-stroke-width:
0px; white-space: normal; word-spacing: 0px;"><span \
style="display: inline !important; float: none; background-color: transparent; \
color: rgb(0, 0, 0); font-family: Arial; font-size: 14px;
font-style: normal; font-variant: normal;
font-weight: 400; letter-spacing: normal;
line-height: 23.8px; orphans: 2; text-align: left;
text-decoration: none; text-indent: 0px;
text-transform: none; -webkit-text-stroke-width:
0px; white-space: normal; word-spacing: 0px;">
</span></span></div>
<div>=================</div>
<div>static unsigned nfq_daq_msg_receive(void *handle, const unsigned max_recv, const \
DAQ_Msg_t *msgs[], DAQ_RecvStatus *rstat)<br> {<br>
Nfq_Context_t *nfqc = (Nfq_Context_t *) handle;<br>
unsigned idx = 0;</div>
<div> *rstat = DAQ_RSTAT_OK;<br>
while (idx < max_recv)<br>
{<br>
/* Make sure that we have a packet \
descriptor available to populate. */<br> \
NfqPktDesc *desc = nfqc->pool.freelist;<br> \
if (!desc)<br> \
{<br> \
*rstat = \
DAQ_RSTAT_NOBUF;<br> \
break;<br> \
}<br> <br>
</div>
<div><span style="color: rgb(255, 0, 0);"> <span style="font: 400 \
14px/23.8px Arial; text-align: left; text-transform: none; text-indent: 0px;
letter-spacing: normal; text-decoration: none;
word-spacing: 0px; display: inline !important;
white-space: normal; orphans: 2; font-size-adjust:
none; font-stretch: normal; float: none;
-webkit-text-stroke-width: 0px; background-color:
transparent;">
/* added by me for reload \
fail*/</span></span></div> <div><span style="color: rgb(255, 0, \
0);"> <span style="font: 400 14px/23.8px Arial; text-align: left; color: \
rgb(255, 0, 0); text-transform: none; text-indent: 0px; letter-spacing: normal;
text-decoration: none; word-spacing: 0px; display:
inline; white-space: normal; orphans: 2;
font-size-adjust: none; font-stretch: normal;
float: none; -webkit-text-stroke-width: 0px;
background-color: \
transparent;">
if (nfqc->interrupted)</span><br style="background-color: transparent; color:
rgb(0, 0, 0); font-family: Arial; font-size: 14px;
font-style: normal; font-variant: normal;
font-weight: 400; letter-spacing: normal;
line-height: 23.8px; margin-bottom: 0px;
margin-left: 0px; margin-right: 0px; margin-top:
0px; orphans: 2; overflow: visible;
padding-bottom: 0px; padding-left: 0px;
padding-right: 0px; padding-top: 0px; text-align:
left; text-decoration: none; text-indent: 0px;
text-transform: none; -webkit-text-stroke-width:
0px; white-space: normal; word-spacing: 0px;">
</span></div>
<div><span style="font: 400 14px/23.8px Arial;
text-align: left; color: rgb(255, 0, 0);
text-transform: none; text-indent: 0px;
letter-spacing: normal; text-decoration: none;
word-spacing: 0px; display: inline; white-space:
normal; orphans: 2; font-size-adjust: none;
font-stretch: normal; float: none;
-webkit-text-stroke-width: 0px; background-color:
transparent;">
{</span></div>
<div><span style="color: rgb(255, 0, 0);"><span style="font: 400 14px/23.8px Arial; \
text-align: left; color: rgb(255, 0, 0); text-transform: none;
text-indent: 0px; letter-spacing: normal;
text-decoration: none; word-spacing: 0px; display:
inline; white-space: normal; orphans: 2;
font-size-adjust: none; font-stretch: normal;
float: none; -webkit-text-stroke-width: 0px;
background-color: transparent;">
\
nfqc->interrupted = false;</span><br style="background-color: transparent; color: \
rgb(0, 0, 0); font-family: Arial; font-size: 14px; font-style: normal; font-variant: \
normal; font-weight: 400; letter-spacing: normal;
line-height: 23.8px; margin-bottom: 0px;
margin-left: 0px; margin-right: 0px; margin-top:
0px; orphans: 2; overflow: visible;
padding-bottom: 0px; padding-left: 0px;
padding-right: 0px; padding-top: 0px; text-align:
left; text-decoration: none; text-indent: 0px;
text-transform: none; -webkit-text-stroke-width:
0px; white-space: normal; word-spacing: 0px;">
<span style="font: 400 14px/23.8px Arial;
text-align: left; color: rgb(255, 0, 0);
text-transform: none; text-indent: 0px;
letter-spacing: normal; text-decoration: none;
word-spacing: 0px; display: inline; white-space:
normal; orphans: 2; font-size-adjust: none;
font-stretch: normal; float: none;
-webkit-text-stroke-width: 0px; background-color:
transparent;">
*rstat \
= DAQ_RSTAT_INTERRUPTED;</span></span></div> <div><span style="font: 400 14px/23.8px \
Arial; text-align: left; color: rgb(255, 0, 0);
text-transform: none; text-indent: 0px;
letter-spacing: normal; text-decoration: none;
word-spacing: 0px; display: inline; white-space:
normal; orphans: 2; font-size-adjust: none;
font-stretch: normal; float: none;
-webkit-text-stroke-width: 0px; background-color:
transparent;">
\
break;</span></div> <div><span style="font: 400 14px/23.8px Arial;
text-align: left; color: rgb(255, 0, 0);
text-transform: none; text-indent: 0px;
letter-spacing: normal; text-decoration: none;
word-spacing: 0px; display: inline; white-space:
normal; orphans: 2; font-size-adjust: none;
font-stretch: normal; float: none;
-webkit-text-stroke-width: 0px; background-color:
transparent;">
}</span></div>
<div><span style="text-align: left; color: rgb(255, 0,
0); text-transform: none; line-height: 23.8px;
text-indent: 0px; letter-spacing: normal;
font-family: Arial; font-size: 14px; font-variant:
normal; word-spacing: 0px; display: inline;
white-space: normal; orphans: 2; float: none;
-webkit-text-stroke-width: 0px; background-color:
transparent;"><span style="font: 400 14px/23.8px
Arial; text-align: left; color: rgb(255, 0, 0);
text-transform: none; text-indent: 0px;
letter-spacing: normal; text-decoration: none;
word-spacing: 0px; display: inline !important;
white-space: normal; orphans: 2; font-size-adjust:
none; font-stretch: normal; float: none;
-webkit-text-stroke-width: 0px; background-color:
transparent;">
/* added by me for reload \
fail*/</span></span></div> <div><span style="display: inline !important; float:
none; background-color: transparent; color: rgb(0,
0, 0); font-family: Arial; font-size: 14px;
font-style: normal; font-variant: normal;
font-weight: 400; letter-spacing: normal;
line-height: 23.8px; orphans: 2; text-align: left;
text-decoration: none; text-indent: 0px;
text-transform: none; -webkit-text-stroke-width:
0px; white-space: normal; word-spacing: 0px;">
ssize_t ret = nl_socket_recv(nfqc, desc->nlmsg_buf, \
nfqc->nlmsg_bufsize, idx == 0);</span><br style="background-color: transparent; \
color: rgb(0, 0, 0); font-family: Arial; font-size: 14px; font-style: normal; \
font-variant: normal; font-weight: 400; letter-spacing: normal;
line-height: 23.8px; margin-bottom: 0px;
margin-left: 0px; margin-right: 0px; margin-top:
0px; orphans: 2; overflow: visible; padding-bottom:
0px; padding-left: 0px; padding-right: 0px;
padding-top: 0px; text-align: left; text-decoration:
none; text-indent: 0px; text-transform: none;
-webkit-text-stroke-width: 0px; white-space: normal;
word-spacing: 0px;">
<span style="display: inline !important; float: none;
background-color: transparent; color: rgb(0, 0, 0);
font-family: Arial; font-size: 14px; font-style:
normal; font-variant: normal; font-weight: 400;
letter-spacing: normal; line-height: 23.8px;
orphans: 2; text-align: left; text-decoration: none;
text-indent: 0px; text-transform: none;
-webkit-text-stroke-width: 0px; white-space: normal;
word-spacing: 0px;">
if (ret < 0)</span><br style="background-color: transparent; color: rgb(0,
0, 0); font-family: Arial; font-size: 14px;
font-style: normal; font-variant: normal;
font-weight: 400; letter-spacing: normal;
line-height: 23.8px; margin-bottom: 0px;
margin-left: 0px; margin-right: 0px; margin-top:
0px; orphans: 2; overflow: visible; padding-bottom:
0px; padding-left: 0px; padding-right: 0px;
padding-top: 0px; text-align: left; text-decoration:
none; text-indent: 0px; text-transform: none;
-webkit-text-stroke-width: 0px; white-space: normal;
word-spacing: 0px;">
<span style="display: inline !important; float: none;
background-color: transparent; color: rgb(0, 0, 0);
font-family: Arial; font-size: 14px; font-style:
normal; font-variant: normal; font-weight: 400;
letter-spacing: normal; line-height: 23.8px;
orphans: 2; text-align: left; text-decoration: none;
text-indent: 0px; text-transform: none;
-webkit-text-stroke-width: 0px; white-space: normal;
word-spacing: 0px;">
{</span><br style="background-color: transparent; color: rgb(0,
0, 0); font-family: Arial; font-size: 14px;
font-style: normal; font-variant: normal;
font-weight: 400; letter-spacing: normal;
line-height: 23.8px; margin-bottom: 0px;
margin-left: 0px; margin-right: 0px; margin-top:
0px; orphans: 2; overflow: visible; padding-bottom:
0px; padding-left: 0px; padding-right: 0px;
padding-top: 0px; text-align: left; text-decoration:
none; text-indent: 0px; text-transform: none;
-webkit-text-stroke-width: 0px; white-space: normal;
word-spacing: 0px;">
<span style="display: inline !important; float: none;
background-color: transparent; color: rgb(0, 0, 0);
font-family: Arial; font-size: 14px; font-style:
normal; font-variant: normal; font-weight: 400;
letter-spacing: normal; line-height: 23.8px;
orphans: 2; text-align: left; text-decoration: none;
text-indent: 0px; text-transform: none;
-webkit-text-stroke-width: 0px; white-space: normal;
word-spacing: \
0px;"> if (errno \
== ENOBUFS)</span><br style="background-color: transparent; color: rgb(0, 0, 0); \
font-family: Arial; font-size: 14px; font-style: normal;
font-variant: normal; font-weight: 400;
letter-spacing: normal; line-height: 23.8px;
margin-bottom: 0px; margin-left: 0px; margin-right:
0px; margin-top: 0px; orphans: 2; overflow: visible;
padding-bottom: 0px; padding-left: 0px;
padding-right: 0px; padding-top: 0px; text-align:
left; text-decoration: none; text-indent: 0px;
text-transform: none; -webkit-text-stroke-width:
0px; white-space: normal; word-spacing: 0px;">
<span style="display: inline !important; float: none;
background-color: transparent; color: rgb(0, 0, 0);
font-family: Arial; font-size: 14px; font-style:
normal; font-variant: normal; font-weight: 400;
letter-spacing: normal; line-height: 23.8px;
orphans: 2; text-align: left; text-decoration: none;
text-indent: 0px; text-transform: none;
-webkit-text-stroke-width: 0px; white-space: normal;
word-spacing: \
0px;"> {</span><br \
style="background-color: transparent; color: rgb(0, 0, 0); font-family: Arial; \
font-size: 14px; font-style: normal; font-variant: normal;
font-weight: 400; letter-spacing: normal;
line-height: 23.8px; margin-bottom: 0px;
margin-left: 0px; margin-right: 0px; margin-top:
0px; orphans: 2; overflow: visible; padding-bottom:
0px; padding-left: 0px; padding-right: 0px;
padding-top: 0px; text-align: left; text-decoration:
none; text-indent: 0px; text-transform: none;
-webkit-text-stroke-width: 0px; white-space: normal;
word-spacing: 0px;">
<span style="display: inline !important; float: none;
background-color: transparent; color: rgb(0, 0, 0);
font-family: Arial; font-size: 14px; font-style:
normal; font-variant: normal; font-weight: 400;
letter-spacing: normal; line-height: 23.8px;
orphans: 2; text-align: left; text-decoration: none;
text-indent: 0px; text-transform: none;
-webkit-text-stroke-width: 0px; white-space: normal;
word-spacing: \
0px;">
nfqc->stats.hw_packets_dropped++;</span><br style="background-color: \
transparent; color: rgb(0, 0, 0); font-family: Arial; font-size: 14px;
font-style: normal; font-variant: normal;
font-weight: 400; letter-spacing: normal;
line-height: 23.8px; margin-bottom: 0px;
margin-left: 0px; margin-right: 0px; margin-top:
0px; orphans: 2; overflow: visible; padding-bottom:
0px; padding-left: 0px; padding-right: 0px;
padding-top: 0px; text-align: left; text-decoration:
none; text-indent: 0px; text-transform: none;
-webkit-text-stroke-width: 0px; white-space: normal;
word-spacing: 0px;">
<span style="display: inline !important; float: none;
background-color: transparent; color: rgb(0, 0, 0);
font-family: Arial; font-size: 14px; font-style:
normal; font-variant: normal; font-weight: 400;
letter-spacing: normal; line-height: 23.8px;
orphans: 2; text-align: left; text-decoration: none;
text-indent: 0px; text-transform: none;
-webkit-text-stroke-width: 0px; white-space: normal;
word-spacing: \
0px;">
continue;</span><br style="background-color: transparent; color: rgb(0,
0, 0); font-family: Arial; font-size: 14px;
font-style: normal; font-variant: normal;
font-weight: 400; letter-spacing: normal;
line-height: 23.8px; margin-bottom: 0px;
margin-left: 0px; margin-right: 0px; margin-top:
0px; orphans: 2; overflow: visible; padding-bottom:
0px; padding-left: 0px; padding-right: 0px;
padding-top: 0px; text-align: left; text-decoration:
none; text-indent: 0px; text-transform: none;
-webkit-text-stroke-width: 0px; white-space: normal;
word-spacing: 0px;">
<span style="display: inline !important; float: none;
background-color: transparent; color: rgb(0, 0, 0);
font-family: Arial; font-size: 14px; font-style:
normal; font-variant: normal; font-weight: 400;
letter-spacing: normal; line-height: 23.8px;
orphans: 2; text-align: left; text-decoration: none;
text-indent: 0px; text-transform: none;
-webkit-text-stroke-width: 0px; white-space: normal;
word-spacing: \
0px;"> }</span><br \
style="background-color: transparent; color: rgb(0, 0, 0); font-family: Arial; \
font-size: 14px; font-style: normal; font-variant: normal;
font-weight: 400; letter-spacing: normal;
line-height: 23.8px; margin-bottom: 0px;
margin-left: 0px; margin-right: 0px; margin-top:
0px; orphans: 2; overflow: visible; padding-bottom:
0px; padding-left: 0px; padding-right: 0px;
padding-top: 0px; text-align: left; text-decoration:
none; text-indent: 0px; text-transform: none;
-webkit-text-stroke-width: 0px; white-space: normal;
word-spacing: 0px;">
<span style="display: inline !important; float: none;
background-color: transparent; color: rgb(0, 0, 0);
font-family: Arial; font-size: 14px; font-style:
normal; font-variant: normal; font-weight: 400;
letter-spacing: normal; line-height: 23.8px;
orphans: 2; text-align: left; text-decoration: none;
text-indent: 0px; text-transform: none;
-webkit-text-stroke-width: 0px; white-space: normal;
word-spacing: \
0px;"> else if \
(errno == EAGAIN || errno == EWOULDBLOCK)</span><br style="background-color: \
transparent; color: rgb(0, 0, 0); font-family: Arial; font-size: 14px;
font-style: normal; font-variant: normal;
font-weight: 400; letter-spacing: normal;
line-height: 23.8px; margin-bottom: 0px;
margin-left: 0px; margin-right: 0px; margin-top:
0px; orphans: 2; overflow: visible; padding-bottom:
0px; padding-left: 0px; padding-right: 0px;
padding-top: 0px; text-align: left; text-decoration:
none; text-indent: 0px; text-transform: none;
-webkit-text-stroke-width: 0px; white-space: normal;
word-spacing: 0px;">
<span style="display: inline !important; float: none;
background-color: transparent; color: rgb(0, 0, 0);
font-family: Arial; font-size: 14px; font-style:
normal; font-variant: normal; font-weight: 400;
letter-spacing: normal; line-height: 23.8px;
orphans: 2; text-align: left; text-decoration: none;
text-indent: 0px; text-transform: none;
-webkit-text-stroke-width: 0px; white-space: normal;
word-spacing: \
0px;">
*rstat = (idx == 0) ? DAQ_RSTAT_TIMEOUT : DAQ_RSTAT_WOULD_BLOCK;</span><br \
style="background-color: transparent; color: rgb(0, 0, 0); font-family: Arial; \
font-size: 14px; font-style: normal; font-variant: normal;
font-weight: 400; letter-spacing: normal;
line-height: 23.8px; margin-bottom: 0px;
margin-left: 0px; margin-right: 0px; margin-top:
0px; orphans: 2; overflow: visible; padding-bottom:
0px; padding-left: 0px; padding-right: 0px;
padding-top: 0px; text-align: left; text-decoration:
none; text-indent: 0px; text-transform: none;
-webkit-text-stroke-width: 0px; white-space: normal;
word-spacing: 0px;">
<span style="color: rgb(255, 0, 0);"><span style="font: 400 14px/23.8px Arial; \
text-align: left; text-transform: none; text-indent: 0px;
letter-spacing: normal; text-decoration: none;
word-spacing: 0px; display: inline !important;
white-space: normal; orphans: 2; font-size-adjust:
none; font-stretch: normal; float: none;
-webkit-text-stroke-width: 0px; background-color:
\
transparent;"> \
else if (errno == EINTR) // the original processing</span><br \
style="background-color: transparent; color: rgb(0, 0, 0); font-family: Arial; \
font-size: 14px; font-style: normal; font-variant: normal;
font-weight: 400; letter-spacing: normal;
line-height: 23.8px; margin-bottom: 0px;
margin-left: 0px; margin-right: 0px; margin-top:
0px; orphans: 2; overflow: visible;
padding-bottom: 0px; padding-left: 0px;
padding-right: 0px; padding-top: 0px; text-align:
left; text-decoration: none; text-indent: 0px;
text-transform: none; -webkit-text-stroke-width:
0px; white-space: normal; word-spacing: 0px;">
<span style="font: 400 14px/23.8px Arial;
text-align: left; text-transform: none;
text-indent: 0px; letter-spacing: normal;
text-decoration: none; word-spacing: 0px; display:
inline !important; white-space: normal; orphans:
2; font-size-adjust: none; font-stretch: normal;
float: none; -webkit-text-stroke-width: 0px;
background-color: \
transparent;"> \
{</span><br style="background-color: transparent; color: rgb(0, 0, 0); font-family: \
Arial; font-size: 14px; font-style: normal; font-variant: normal;
font-weight: 400; letter-spacing: normal;
line-height: 23.8px; margin-bottom: 0px;
margin-left: 0px; margin-right: 0px; margin-top:
0px; orphans: 2; overflow: visible;
padding-bottom: 0px; padding-left: 0px;
padding-right: 0px; padding-top: 0px; text-align:
left; text-decoration: none; text-indent: 0px;
text-transform: none; -webkit-text-stroke-width:
0px; white-space: normal; word-spacing: 0px;">
<span style="font: 400 14px/23.8px Arial;
text-align: left; text-transform: none;
text-indent: 0px; letter-spacing: normal;
text-decoration: none; word-spacing: 0px; display:
inline !important; white-space: normal; orphans:
2; font-size-adjust: none; font-stretch: normal;
float: none; -webkit-text-stroke-width: 0px;
background-color: \
transparent;">
if (!nfqc->interrupted)</span><br style="background-color: transparent; color:
rgb(0, 0, 0); font-family: Arial; font-size: 14px;
font-style: normal; font-variant: normal;
font-weight: 400; letter-spacing: normal;
line-height: 23.8px; margin-bottom: 0px;
margin-left: 0px; margin-right: 0px; margin-top:
0px; orphans: 2; overflow: visible;
padding-bottom: 0px; padding-left: 0px;
padding-right: 0px; padding-top: 0px; text-align:
left; text-decoration: none; text-indent: 0px;
text-transform: none; -webkit-text-stroke-width:
0px; white-space: normal; word-spacing: 0px;">
<span style="font: 400 14px/23.8px Arial;
text-align: left; text-transform: none;
text-indent: 0px; letter-spacing: normal;
text-decoration: none; word-spacing: 0px; display:
inline !important; white-space: normal; orphans:
2; font-size-adjust: none; font-stretch: normal;
float: none; -webkit-text-stroke-width: 0px;
background-color: \
transparent;">
continue;</span><br style="background-color:
transparent; color: rgb(0, 0, 0); font-family:
Arial; font-size: 14px; font-style: normal;
font-variant: normal; font-weight: 400;
letter-spacing: normal; line-height: 23.8px;
margin-bottom: 0px; margin-left: 0px;
margin-right: 0px; margin-top: 0px; orphans: 2;
overflow: visible; padding-bottom: 0px;
padding-left: 0px; padding-right: 0px;
padding-top: 0px; text-align: left;
text-decoration: none; text-indent: 0px;
text-transform: none; -webkit-text-stroke-width:
0px; white-space: normal; word-spacing: 0px;">
<span style="font: 400 14px/23.8px Arial;
text-align: left; text-transform: none;
text-indent: 0px; letter-spacing: normal;
text-decoration: none; word-spacing: 0px; display:
inline !important; white-space: normal; orphans:
2; font-size-adjust: none; font-stretch: normal;
float: none; -webkit-text-stroke-width: 0px;
background-color: \
transparent;">
nfqc->interrupted = false;</span><br style="background-color: transparent; \
color: rgb(0, 0, 0); font-family: Arial; font-size: 14px;
font-style: normal; font-variant: normal;
font-weight: 400; letter-spacing: normal;
line-height: 23.8px; margin-bottom: 0px;
margin-left: 0px; margin-right: 0px; margin-top:
0px; orphans: 2; overflow: visible;
padding-bottom: 0px; padding-left: 0px;
padding-right: 0px; padding-top: 0px; text-align:
left; text-decoration: none; text-indent: 0px;
text-transform: none; -webkit-text-stroke-width:
0px; white-space: normal; word-spacing: 0px;">
<span style="font: 400 14px/23.8px Arial;
text-align: left; text-transform: none;
text-indent: 0px; letter-spacing: normal;
text-decoration: none; word-spacing: 0px; display:
inline !important; white-space: normal; orphans:
2; font-size-adjust: none; font-stretch: normal;
float: none; -webkit-text-stroke-width: 0px;
background-color: \
transparent;">
*rstat = DAQ_RSTAT_INTERRUPTED;</span><br style="background-color: transparent; \
color: rgb(0, 0, 0); font-family: Arial; font-size: 14px;
font-style: normal; font-variant: normal;
font-weight: 400; letter-spacing: normal;
line-height: 23.8px; margin-bottom: 0px;
margin-left: 0px; margin-right: 0px; margin-top:
0px; orphans: 2; overflow: visible;
padding-bottom: 0px; padding-left: 0px;
padding-right: 0px; padding-top: 0px; text-align:
left; text-decoration: none; text-indent: 0px;
text-transform: none; -webkit-text-stroke-width:
0px; white-space: normal; word-spacing: 0px;">
<span style="font: 400 14px/23.8px Arial;
text-align: left; text-transform: none;
text-indent: 0px; letter-spacing: normal;
text-decoration: none; word-spacing: 0px; display:
inline !important; white-space: normal; orphans:
2; font-size-adjust: none; font-stretch: normal;
float: none; -webkit-text-stroke-width: 0px;
background-color: \
transparent;"> \
}</span></span><br> </div>
<div>======================================================================================================================================================</div>
<div>static unsigned nfq_daq_msg_receive(void *handle, const unsigned max_recv, \
const DAQ_Msg_t *msgs[], DAQ_RecvStatus *rstat)<br> {<br>
Nfq_Context_t *nfqc = (Nfq_Context_t *) handle;<br>
unsigned idx = 0;</div>
<div> *rstat = DAQ_RSTAT_OK;<br>
while (idx < max_recv)<br>
{<br>
/* Make sure that we have a packet \
descriptor available to populate. */<br> \
NfqPktDesc *desc = nfqc->pool.freelist;<br> \
if (!desc)<br> \
{<br> \
*rstat = \
DAQ_RSTAT_NOBUF;<br> \
break;<br> \
}</div> \
<div> ssize_t ret = nl_socket_recv(nfqc, \
desc->nlmsg_buf, nfqc->nlmsg_bufsize, idx == 0);<br> \
if (ret < 0)<br> \
{<br> \
if (errno == \
ENOBUFS)<br> {<br>
\
nfqc->stats.hw_packets_dropped++;<br> \
\
continue;<br> \
}<br> else if \
(errno == EAGAIN || errno == EWOULDBLOCK)<br> \
\
*rstat = (idx == 0) ? DAQ_RSTAT_TIMEOUT : DAQ_RSTAT_WOULD_BLOCK;<br> \
else if (errno == \
EINTR)<br> {<br>
\
if (!nfqc->interrupted)<br> \
\
continue;<br> \
nfqc->interrupted = false;<br> \
\
*rstat = DAQ_RSTAT_INTERRUPTED;<br> \
}<br> \
else<br> \
{<br> \
\
SET_ERROR(nfqc->modinst, "%s: Socket receive failed: %zd - %s (%d)",<br> \
\
__func__, ret, strerror(errno), errno);<br> \
\
*rstat = DAQ_RSTAT_ERROR;<br> \
}<br> \
break;<br> \
}<br> \
errno = 0;<br> \
ret = mnl_cb_run(desc->nlmsg_buf, ret, \
0, nfqc->portid, process_message_cb, desc);<br> \
if (ret < 0)<br> \
{<br> \
\
SET_ERROR(nfqc->modinst, "%s: Netlink message processing failed: %zd - %s \
(%d)",<br> \
__func__, ret, strerror(errno), errno);<br> \
*rstat = \
DAQ_RSTAT_ERROR;<br> \
break;<br> \
}</div> \
<div> /* Increment the module instance's \
packet counter. */<br> \
nfqc->stats.packets_received++;</div> \
<div> /* Last, but not least, extract this \
descriptor from the free list and<br> \
place the message \
in the return vector. */<br> \
nfqc->pool.freelist = desc->next;<br> \
desc->next = NULL;<br> \
nfqc->pool.info.available--;<br> \
msgs[idx] = &desc->msg;</div> \
<div> idx++;<br> \
}<br> ==========================================================================<br>
</div>
<div>static unsigned pcap_daq_msg_receive(void *handle, const unsigned max_recv, \
const DAQ_Msg_t *msgs[], DAQ_RecvStatus *rstat)<br> {<br>
struct pcap_pkthdr *pcaphdr;<br>
Pcap_Context_t *pc = (Pcap_Context_t *) handle;<br>
const u_char *data;<br>
unsigned idx;</div>
<div> *rstat = DAQ_RSTAT_OK;<br>
for (idx = 0; idx < max_recv; idx++)<br>
{<br>
/* Check to see if the receive has been \
canceled. If so, reset it and return appropriately. */<br> \
if (pc->interrupted)<br> \
{<br> \
pc->interrupted \
= false;<br> \
*rstat = DAQ_RSTAT_INTERRUPTED;<br> \
break;<br> \
}</div> \
<div> /* If there is a pending descriptor \
from the readback timeout feature, check if it's ready<br> \
to be \
realized. If it is, finish receiving it and carry on. */<br> \
if (pc->pending_desc)<br> \
{<br> \
struct timeval \
delta;<br> \
timersub(&pc->pending_desc->pkthdr.ts, &pc->last_recv, \
&delta);<br> \
if (timercmp(&delta, &pc->timeout_tv, >))<br> \
{<br> \
\
timeradd(&pc->last_recv, &pc->timeout_tv, &pc->last_recv);<br> \
\
*rstat = DAQ_RSTAT_TIMEOUT;<br> \
\
break;<br> }<br>
pc->last_recv = \
pc->pending_desc->pkthdr.ts;<br> \
\
pc->pool.info.available--;<br> \
msgs[idx] = \
&pc->pending_desc->msg;<br> \
\
pc->stats.packets_received++;<br> \
\
pc->pending_desc = NULL;<br> \
continue;<br> \
}</div> \
<div> /* Make sure that we have a packet \
descriptor available to populate *before*<br> \
calling into \
libpcap. */<br> PcapPktDesc *desc = \
pc->pool.freelist;<br> if (!desc)<br>
{<br>
*rstat = \
DAQ_RSTAT_NOBUF;<br> \
break;<br> \
}</div> \
<div> /* When dealing with a live \
interface, try to get the first packet in non-blocking mode.<br> \
If there's nothing \
to receive, switch to blocking mode. */<br> \
int pcap_rval;<br> \
if (pc->mode != DAQ_MODE_READ_FILE \
&& idx == 0)<br> {<br>
if \
(set_nonblocking(pc, true) != DAQ_SUCCESS)<br> \
{<br> \
\
*rstat = DAQ_RSTAT_ERROR;<br> \
\
break;<br> }<br>
pcap_rval = \
pcap_next_ex(pc->handle, &pcaphdr, &data);<br> \
if (pcap_rval == \
0)<br> {<br>
\
if (set_nonblocking(pc, false) != DAQ_SUCCESS)<br> \
\
{<br> \
*rstat = DAQ_RSTAT_ERROR;<br> \
\
break;<br> \
}<br> \
pcap_rval = pcap_next_ex(pc->handle, &pcaphdr, &data);<br> \
}<br> \
}<br> \
else<br> \
pcap_rval = \
pcap_next_ex(pc->handle, &pcaphdr, &data);</div> \
<div> if (pcap_rval <= 0)<br> \
{<br> \
if (pcap_rval == \
0)<br> \
*rstat = (idx == 0) ? DAQ_RSTAT_TIMEOUT : DAQ_RSTAT_WOULD_BLOCK;<br> \
else if (pcap_rval \
== -1)<br> {<br>
\
SET_ERROR(pc->modinst, "%s", pcap_geterr(pc->handle));<br> \
\
*rstat = DAQ_RSTAT_ERROR;<br> \
}<br> \
else if (pcap_rval \
== -2)<br> {<br>
\
/* LibPCAP brilliantly decides to return -2 if it hit EOF in readback OR \
pcap_breakloop()<br> \
\
was called. Let's try to differentiate by checking to see if we asked for a \
break. */<br> \
if (!pc->interrupted && pc->mode == DAQ_MODE_READ_FILE)<br> \
\
{<br> \
/* Insert a final timeout receive status when readback timeout mode is enabled. \
*/<br> \
if (pc->readback_timeout && !pc->final_readback_timeout)<br> \
\
{<br> \
pc->final_readback_timeout = true;<br> \
\
*rstat = DAQ_RSTAT_TIMEOUT;<br> \
\
}<br> \
else<br> \
*rstat = DAQ_RSTAT_EOF;<br> \
\
}<br> \
else<br> \
{<br> \
pc->interrupted = false;<br> \
\
*rstat = DAQ_RSTAT_INTERRUPTED;<br> \
\
}<br> }<br>
break;<br>
}</div>
<div> /* Update hw packet counters to make \
sure we detect counter overflow */<br> if \
(++pc->hwupdate_count == DAQ_PCAP_ROLLOVER_LIM)<br> \
\
update_hw_stats(pc);</div> <div> /* \
Populate the packet descriptor */<br> int \
caplen = (pcaphdr->caplen > pc->snaplen) ? pc->snaplen : \
pcaphdr->caplen;<br> \
memcpy(desc->data, data, caplen);</div> \
<div> /* Next, set up the DAQ \
message. Most fields are prepopulated and unchanging. */<br> \
DAQ_Msg_t *msg = &desc->msg;<br> \
msg->data_len = caplen;</div> \
<div> /* Then, set up the DAQ packet \
header. */<br> DAQ_PktHdr_t *pkthdr = \
&desc->pkthdr;<br> \
pkthdr->pktlen = pcaphdr->len;<br> \
pkthdr->ts.tv_sec = pcaphdr->ts.tv_sec;<br> \
pkthdr->ts.tv_usec = \
pcaphdr->ts.tv_usec;</div> <div> /* \
Last, but not least, extract this descriptor from the free list and <br>
place the message \
in the return vector. */<br> \
pc->pool.freelist = desc->next;<br> \
desc->next = NULL;<br> /* If the \
readback timeout feature is enabled, check to see if the configured timeout has<br> \
elapsed between \
the previous packet and this one. If it has, store the descriptor for<br> \
later without \
modifying counters and return the timeout receive status. */<br> \
if (pc->mode == DAQ_MODE_READ_FILE \
&& pc->readback_timeout && pc->timeout > 0)<br> \
{<br> \
if \
(timerisset(&pc->last_recv) && timercmp(&pkthdr->ts, \
&pc->last_recv, >))<br> \
{<br> \
\
struct timeval delta;<br> \
\
timersub(&pkthdr->ts, &pc->last_recv, &delta);<br> \
\
if (timercmp(&delta, &pc->timeout_tv, >))<br> \
\
{<br> \
pc->pending_desc = desc;<br> \
\
timeradd(&pc->last_recv, &pc->timeout_tv, &pc->last_recv);<br> \
\
*rstat = DAQ_RSTAT_TIMEOUT;<br> \
\
break;<br> \
}<br> }<br>
pc->last_recv = \
pkthdr->ts;<br> }<br>
pc->pool.info.available--;<br>
msgs[idx] = &desc->msg;</div>
<div> /* Finally, increment the module \
instance's packet counter. */<br> \
pc->stats.packets_received++;<br> }</div>
<div> return idx;<br>
}<br>
</div>
<br>
<br>
<br>
<br>
<br>
<br>
At 2019-10-10 10:37:54, "Russ Combs (rucombs)" <a \
class="moz-txt-link-rfc2396E" href="mailto:rucombs@cisco.com" moz-do-not-send="true"> \
<rucombs@cisco.com></a> wrote:<br> <blockquote id="isReplyContent" \
style="PADDING-LEFT: 1ex; MARGIN: 0px 0px 0px 0.8ex; BORDER-LEFT: #ccc 1px
solid">
<style></style>
<div class="WordSection1">
<p class="MsoNormal">Does Ctrl+C exit normally with the NFQ DAQ without \
reload?<o:p></o:p></p> <p class="MsoNormal"><o:p> </o:p></p>
<div style="border:none;border-top:solid #B5C4DF
1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal"><b><span style="font-size:12.0pt;color:black">From: \
</span></b><span style="font-size:12.0pt;color:black">sofardware <a \
class="moz-txt-link-rfc2396E" href="mailto:sofardware@126.com" \
moz-do-not-send="true"> <sofardware@126.com></a><br>
<b>Date: </b>Wednesday, October 9, 2019 at 10:13 PM<br>
<b>To: </b>"Tom Peters (thopeter)" <a class="moz-txt-link-rfc2396E" \
href="mailto:thopeter@cisco.com" moz-do-not-send="true"> \
<thopeter@cisco.com></a><br> <b>Cc: </b>"Shravan Rangarajuvenkata \
(shrarang)" <a class="moz-txt-link-rfc2396E" href="mailto:shrarang@cisco.com" \
moz-do-not-send="true"> <shrarang@cisco.com></a>, <a \
class="moz-txt-link-rfc2396E" href="mailto:Snort-users@lists.snort.org" \
moz-do-not-send="true"> "Snort-users@lists.snort.org"</a> <a \
class="moz-txt-link-rfc2396E" href="mailto:Snort-users@lists.snort.org" \
moz-do-not-send="true"> <Snort-users@lists.snort.org></a>, "Russ Combs \
(rucombs)" <a class="moz-txt-link-rfc2396E" href="mailto:rucombs@cisco.com" \
moz-do-not-send="true"> <rucombs@cisco.com></a><br>
<b>Subject: </b>Help please</span><span style="font-size:12.0pt;font-family:" ms="" \
gothic="">!!!</span><span style="font-size:12.0pt;color:black"> snort_build261 \
can not reload config successfully with daq in nfq<o:p></o:p></span></p> </div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<div>
<div>
<div>
<p class="MsoNormal"><span style="font-size:10.5pt;font-family:" \
arial=""><o:p> </o:p></span></p> </div>
<div>
<div>
<p class="MsoNormal"><span style="font-size:10.5pt;font-family:" \
arial="">Hi,<o:p></o:p></span></p> </div>
<div>
<p class="MsoNormal"><span style="font-size:10.5pt;font-family:" arial=""> \
I am </span><span style="font-size:10.0pt;font-family:" \
arial=""> anxious to</span><span style="font-size:12.0pt;font-family:" \
arial=""> </span><span style="font-size:10.5pt;font-family:" arial=""> resolve \
this problem. Please give me some help. Thank you very much.<o:p></o:p></span></p> \
</div> <p class="MsoNormal"><span style="font-size:10.5pt;font-family:" \
arial=""> I have read README file in snort3 and DAQ, and \
did not found useful info for this problem.<o:p></o:p></span></p> </div>
<div>
<p class="MsoNormal"><span style="font-size:10.5pt;font-family:" \
arial="">-----------------------<o:p></o:p></span></p> </div>
<div>
<p class="MsoNormal"><span style="font-size:10.5pt;font-family:" \
arial="">Hi</span><span style="font-size:10.5pt;font-family:" ms="" \
gothic="">,</span><span style="font-size:10.5pt;font-family:" \
arial=""><o:p></o:p></span></p> </div>
<div>
<p class="MsoNormal"><span style="font-size:10.5pt;font-family:" \
arial=""> I need help for this</span><span \
style="font-size:10.5pt;font-family:" ms="" gothic="">:</span><span \
style="font-size:10.5pt;font-family:" arial=""><o:p></o:p></span></p> </div>
<div>
<p class="MsoNormal"><span style="font-size:10.5pt;font-family:" arial=""> \
snort_build261 can not reload config successfully with daq in \
nfq</span><span style="font-size:10.5pt;font-family:" ms="" gothic="">,</span><span \
style="font-size:10.5pt;font-family:" arial=""> and also can not be exit \
by pressing keys "Ctrl+C".<o:p></o:p></span></p> </div>
<div>
<p class="MsoNormal"><span style="font-size:10.5pt;font-family:" \
arial=""> But it works well with daq of not \
nfq.<o:p></o:p></span></p> </div>
<div>
<p class="MsoNormal"><span style="font-size:10.5pt;font-family:" \
arial=""><o:p> </o:p></span></p> </div>
<div>
<p class="MsoNormal"><span style="font-size:10.5pt;font-family:" \
arial="">[root@localhost build]# /usr/local/snort261/bin/snort --daq-dir \
/usr/local/lib/daq/ --daq nfq -i 1 -c /usr/local/snort261/etc/snort/snort.lua --shell \
-j</span><span style="font-size:10.5pt;font-family:" arial=""><br>
--------------------------------------------------<br>
o")~ Snort++ 3.0.0-261<br>
--------------------------------------------------<br>
Loading /usr/local/snort261/etc/snort/snort.lua:<br>
Loading snort_defaults.lua:<br>
Finished snort_defaults.lua:<br>
Loading file_magic.lua:<br>
Finished file_magic.lua:<br>
ssh<br>
host_cache<br>
pop<br>
binder<br>
stream_tcp<br>
network<br>
gtp_inspect<br>
packets<br>
dce_http_proxy<br>
stream_icmp<br>
normalizer<br>
ftp_server<br>
stream_udp<br>
search_engine<br>
ips<br>
dce_smb<br>
latency<br>
wizard<br>
appid<br>
file_id<br>
ftp_data<br>
hosts<br>
smtp<br>
port_scan<br>
dce_http_server<br>
modbus<br>
dce_tcp<br>
telnet<br>
host_tracker<br>
ssl<br>
sip<br>
rpc_decode<br>
http2_inspect<br>
http_inspect<br>
back_orifice<br>
stream_user<br>
stream_ip<br>
classifications<br>
dnp3<br>
active<br>
ftp_client<br>
daq<br>
decode<br>
alerts<br>
stream<br>
references<br>
arp_spoof<br>
output<br>
dns<br>
dce_udp<br>
imap<br>
process<br>
stream_file<br>
Finished /usr/local/snort261/etc/snort/snort.lua:<br>
--------------------------------------------------<br>
/usr/local/lib/daq//daq_afpacket.so: Module API version (0x10007) differs from \
expected version (0x30001)<br>
/usr/local/lib/daq//daq_afpacket.so: Failed to register DAQ module.<br>
/usr/local/lib/daq//daq_ipfw.so: Module API version (0x10007) differs from expected \
version (0x30001)<br>
/usr/local/lib/daq//daq_ipfw.so: Failed to register DAQ module.<br>
nfq DAQ configured to passive.<br>
Commencing packet processing<br>
Entering command shell<br>
o")~ <br>
++ [0] 1<br>
</span><span style="font-size:10.5pt;font-family:" \
arial="">reload_config('/usr/local/snort261/etc/snort/snort.lua')</span><span \
style="font-size:10.5pt;font-family:" arial=""><br>
.. reloading configuration<br>
Loading /usr/local/snort261/etc/snort/snort.lua:<br>
Loading snort_defaults.lua:<br>
Finished snort_defaults.lua:<br>
Loading file_magic.lua:<br>
Finished file_magic.lua:<br>
ssh<br>
host_cache<br>
pop<br>
binder<br>
stream_tcp<br>
network<br>
gtp_inspect<br>
packets<br>
dce_http_proxy<br>
stream_icmp<br>
normalizer<br>
ftp_server<br>
stream_udp<br>
search_engine<br>
ips<br>
dce_smb<br>
latency<br>
wizard<br>
appid<br>
file_id<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:10.5pt;font-family:" \
arial=""> ftp_data<br> hosts<br>
smtp<br>
port_scan<br>
dce_http_server<br>
modbus<br>
dce_tcp<br>
telnet<br>
host_tracker<br>
ssl<br>
sip<br>
rpc_decode<br>
http2_inspect<br>
http_inspect<br>
back_orifice<br>
stream_user<br>
stream_ip<br>
classifications<br>
dnp3<br>
active<br>
ftp_client<br>
daq<br>
decode<br>
alerts<br>
stream<br>
references<br>
arp_spoof<br>
output<br>
dns<br>
dce_udp<br>
imap<br>
process<br>
stream_file<br>
</span><span style="font-size:10.5pt;font-family:" arial="">Finished \
/usr/local/snort261/etc/snort/snort.lua:<br> 0 hosts loaded<br>
reload_config('/usr/local/snort261/etc/snort/snort.lua')</span><span \
style="font-size:10.5pt;font-family:" arial=""><o:p></o:p></span></p> </div>
<div>
<p class="MsoNormal"><span style="font-size:10.5pt;font-family:" arial="">== reload \
pending; retry</span><span style="font-size:10.5pt;font-family:" arial=""><br> ^C** \
caught int signal<br> == stopping<br>
^C** caught int signal<br>
== stopping<br>
^C** caught int signal<br>
== stopping<br>
^C** caught int signal<br>
== stopping<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:10.5pt;font-family:" \
arial=""><o:p> </o:p></span></p> </div>
<div>
<p class="MsoNormal"><span style="font-size:10.5pt;font-family:" \
arial=""><o:p> </o:p></span></p> </div>
<div>
<p class="MsoNormal"><span style="font-size:10.5pt;font-family:" \
arial="">==============================================================================no \
nfq================<o:p></o:p></span></p> </div>
<div>
<p class="MsoNormal"><span style="font-size:10.5pt;font-family:" \
arial="">[root@localhost build]# /usr/local/snort261/bin/snort --daq-dir \
/usr/local/lib/daq/ -i eth0 -c /usr/local/snort261/etc/snort/snort.lua --shell \
-j</span><span style="font-size:10.5pt;font-family:" arial=""><br>
--------------------------------------------------<br>
o")~ Snort++ 3.0.0-261<br>
--------------------------------------------------<br>
Loading /usr/local/snort261/etc/snort/snort.lua:<br>
Loading snort_defaults.lua:<br>
Finished snort_defaults.lua:<br>
Loading file_magic.lua:<br>
Finished file_magic.lua:<br>
ssh<br>
host_cache<br>
pop<br>
binder<br>
stream_tcp<br>
network<br>
gtp_inspect<br>
packets<br>
dce_http_proxy<br>
stream_icmp<br>
normalizer<br>
ftp_server<br>
stream_udp<br>
search_engine<br>
ips<br>
dce_smb<br>
latency<br>
wizard<br>
appid<br>
file_id<br>
ftp_data<br>
hosts<br>
smtp<br>
port_scan<br>
dce_http_server<br>
modbus<br>
dce_tcp<br>
telnet<br>
host_tracker<br>
ssl<br>
sip<br>
rpc_decode<br>
http2_inspect<br>
http_inspect<br>
back_orifice<br>
stream_user<br>
stream_ip<br>
classifications<br>
dnp3<br>
active<br>
ftp_client<br>
daq<br>
decode<br>
alerts<br>
stream<br>
references<br>
arp_spoof<br>
output<br>
dns<br>
dce_udp<br>
imap<br>
process<br>
stream_file<br>
Finished /usr/local/snort261/etc/snort/snort.lua:<br>
--------------------------------------------------<br>
/usr/local/lib/daq//daq_afpacket.so: Module API version (0x10007) differs from \
expected version (0x30001)<br>
/usr/local/lib/daq//daq_afpacket.so: Failed to register DAQ module.<br>
/usr/local/lib/daq//daq_ipfw.so: Module API version (0x10007) differs from expected \
version (0x30001)<br>
/usr/local/lib/daq//daq_ipfw.so: Failed to register DAQ module.<br>
pcap DAQ configured to passive.<br>
Commencing packet processing<br>
Entering command shell<br>
o")~ <br>
++ [0] eth0<br>
reload_config('/usr/local/snort261/etc/snort/snort.lua')<br>
.. reloading configuration<br>
Loading /usr/local/snort261/etc/snort/snort.lua:<br>
Loading snort_defaults.lua:<br>
Finished snort_defaults.lua:<br>
Loading file_magic.lua:<br>
Finished file_magic.lua:<br>
ssh<br>
host_cache<br>
pop<br>
binder<br>
stream_tcp<br>
network<br>
gtp_inspect<br>
packets<br>
dce_http_proxy<br>
stream_icmp<br>
normalizer<br>
ftp_server<br>
stream_udp<br>
search_engine<br>
ips<br>
dce_smb<br>
latency<br>
wizard<br>
appid<br>
file_id<br>
ftp_data<br>
hosts<br>
smtp<br>
port_scan<br>
dce_http_server<br>
modbus<br>
dce_tcp<br>
telnet<br>
host_tracker<br>
ssl<br>
sip<br>
rpc_decode<br>
http2_inspect<br>
http_inspect<br>
back_orifice<br>
stream_user<br>
stream_ip<br>
classifications<br>
dnp3<br>
active<br>
ftp_client<br>
daq<br>
decode<br>
alerts<br>
stream<br>
references<br>
arp_spoof<br>
output<br>
dns<br>
dce_udp<br>
imap<br>
process<br>
stream_file<br>
Finished /usr/local/snort261/etc/snort/snort.lua:<br>
0 hosts loaded<br>
.. swapping configuration<br>
== reload complete<br>
o")~<o:p></o:p></span></p>
</div>
<blockquote id="isReplyContent" style="border:none;border-left:solid #CCCCCC
1.0pt;padding:0in 0in 0in
6.0pt;margin-left:4.8pt;margin-right:0in">
<p><span style="font-size:10.5pt;font-family:" arial=""> <o:p></o:p></span></p>
</blockquote>
</div>
<p class="MsoNormal"><span style="font-size:10.5pt;font-family:" arial=""><br>
<br>
<br>
<o:p></o:p></span></p>
<p><span style="font-size:10.5pt;font-family:" arial=""> <o:p></o:p></span></p>
</div>
<p class="MsoNormal"><span style="font-size:10.5pt;font-family:" arial=""><br>
<br>
<br>
<o:p></o:p></span></p>
<p><span style="font-size:10.5pt;font-family:" arial=""> <o:p></o:p></span></p>
</div>
<p class="MsoNormal"><br>
<br>
<br>
<o:p></o:p></p>
<p> <o:p></o:p></p>
</div>
</blockquote>
</div>
<br>
<br>
<span title="neteasefooter">
<p> </p>
</span><br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<pre class="moz-quote-pre" wrap="">_______________________________________________
Snort-users mailing list
<a class="moz-txt-link-abbreviated" href="mailto:Snort-users@lists.snort.org" \
moz-do-not-send="true">Snort-users@lists.snort.org</a> Go to this URL to change user \
options or unsubscribe: <a class="moz-txt-link-freetext" \
href="https://lists.snort.org/mailman/listinfo/snort-users" \
moz-do-not-send="true">https://lists.snort.org/mailman/listinfo/snort-users</a>
To unsubscribe, send an email to:
<a class="moz-txt-link-abbreviated" href="mailto:snort-users-leave@lists.snort.org" \
moz-do-not-send="true">snort-users-leave@lists.snort.org</a>
Please visit <a class="moz-txt-link-freetext" href="http://blog.snort.org" \
moz-do-not-send="true">http://blog.snort.org</a> to stay current on all the latest \
Snort news!
Please follow these rules: <a class="moz-txt-link-freetext" \
href="https://snort.org/faq/what-is-the-mailing-list-etiquette" \
moz-do-not-send="true">https://snort.org/faq/what-is-the-mailing-list-etiquette</a> \
</pre> </blockquote>
<p><br>
</p>
</blockquote>
</div>
<br>
<br>
<span title="neteasefooter">
<p> </p>
</span></div>
<br>
<br>
<span title="neteasefooter">
<p> </p>
</span></blockquote>
<p><br>
</p>
</body>
</html>
_______________________________________________
Snort-users mailing list
Snort-users@lists.snort.org
Go to this URL to change user options or unsubscribe:
https://lists.snort.org/mailman/listinfo/snort-users
To unsubscribe, send an email to:
snort-users-leave@lists.snort.org
Please visit http://blog.snort.org to stay current on all the latest Snort news!
Please follow these rules: https://snort.org/faq/what-is-the-mailing-list-etiquette
--===============1788337276098024850==--
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic