Snort mailing list archives
Re: BUG of "config bpf_file"
From: Phil Wood <cpw () lanl gov>
Date: Wed, 1 May 2002 08:42:18 -0600
On Wed, May 01, 2002 at 04:07:26PM +0800, Peng Yong wrote:
i have a flowing line in snort.conf: config bpf_file: snort.bpf and the content of snort.bpf: tcp port 80 but bpf_file config in snort rules file can't set filter to bpf. i check the code in snort.c and find snort pcap_compile the filter before parse the snort.bpf.
Not in my version. Try using gdb and set a breakpoint just before the pcap_setfilter call and look at the contents of pv.pcap_cmd. If it's still null, you probably need to upgrade to a current snort.
-- Peng Yong Email: ppyy () staff cn99 com Bentium Ltd. URL: http://www.cn99.com
-- Phil Wood, cpw () lanl gov
Current thread:
- BUG of "config bpf_file" Peng Yong (May 01)
- Re: BUG of "config bpf_file" Phil Wood (May 01)
- Re: BUG of "config bpf_file" Peng Yong (May 01)
- Re: BUG of "config bpf_file" Phil Wood (May 01)
- snortconf via web Mr. F Phat's (May 01)
- Re: snortconf via web Erek Adams (May 02)
- RE: snortconf via web Robert S. (May 03)
- RE: snortconf via web Erek Adams (May 03)
- RE: snortconf via web Jeff Dell (May 03)
- RE: snortconf via web Robert S. (May 03)
- Re: BUG of "config bpf_file" Peng Yong (May 01)
- Re: BUG of "config bpf_file" Phil Wood (May 01)