Snort mailing list archives

Re: BUG of "config bpf_file"

From: Phil Wood <cpw () lanl gov>
Date: Wed, 1 May 2002 15:30:11 -0600

You are correct!  I was running a more recent version 1.9dev.

I suggest you use the command line until the 1.9 is available.  Of
course you can always go with the bleeding edge like I do.  But, then
there are possibly more serious problems to contend with.   %^)

Later,

On Wed, May 01, 2002 at 11:41:53PM +0800, Peng Yong wrote:

On Wed, May 01, 2002 at 04:07:26PM +0800, Peng Yong wrote:


i have a flowing line in snort.conf:

config bpf_file: snort.bpf

and the content of snort.bpf:

tcp port 80


but bpf_file config in snort rules file can't set filter to bpf.

i check the code in snort.c and find snort pcap_compile the filter
before parse the snort.bpf.

Not in my version.  Try using gdb and set a breakpoint just before the
pcap_setfilter call and look at the contents of pv.pcap_cmd.  If it's
still null, you probably need to upgrade to a current snort.


I have debuged snort by gdb before i send last email.

the pv.pcap_cmd is null when i set it in the rule file. it is ok when i
set it in the command line.

i also compiled a debug version of snort by:

 ./configure --enable-debug

and the debug informantion also report same information.

I have testing 1.8.6 and latest source from CVS.

--
Peng Yong                     Email: ppyy () staff cn99 com
Bentium Ltd.                  URL: http://www.cn99.com


-- 
Phil Wood, cpw () lanl gov


_______________________________________________________________

Have big pipes? SourceForge.net is looking for download mirrors. We supply
the hardware. You get the recognition. Email Us: bandwidth () sourceforge net
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

BUG of "config bpf_file" Peng Yong (May 01)
- Re: BUG of "config bpf_file" Phil Wood (May 01)
  - Re: BUG of "config bpf_file" Peng Yong (May 01)
    - Re: BUG of "config bpf_file" Phil Wood (May 01)
    - snortconf via web Mr. F Phat's (May 01)
    - Re: snortconf via web Erek Adams (May 02)
    - RE: snortconf via web Robert S. (May 03)
    - RE: snortconf via web Erek Adams (May 03)
    - RE: snortconf via web Jeff Dell (May 03)
    - RE: snortconf via web Robert S. (May 03)