compiling with --enable-inline impacts non-inline sniffing

[Dan Weber <weberdan () gmail com>]

I configure snort like this: ./configure --enable-ipv6 \
 --enable-dynamicplugin --enable-inline --enable-ipfw \
 --with-libnet-includes=/usr/local/include/libnet-1.0 \
 --with-libnet-libraries=/usr/local/lib/libnet-1.0

I compile, then run snort like this:

snort -i lo -c snort.conf

where "snort.conf" is an empty file. And it reads from a different
interface, not lo.

Looking in the source, things are okay in the SnortConfigso bad in
MergeSnortConfs(), which I
think is there to merge the configuration on my command line with
whatever is read from the configuration file. Around line 4620
is this:

#if defined(GIDS) && defined(IPFW)
 config_file->divert_port = cmd_line->divert_port;

 if (config_file->interface != NULL)
 {
 free(config_file->interface);
 config_file->interface = NULL;
 }
#endif

If I'm understanding it correctly, this erases the interface in the
config_file if it exists, even if I'm not in inline mode.  I'm not
sure what test should be there, but this doesn't seem right.

snort still sniffs, but it sniffs the "default interface" as determined
by libpcap, instead of what was on the command line.

Tested on both 2.8.5.2 and 2.8.5.3, as well as the 2.8.6.rc.

------------------------------------------------------------------------------
Download Intel® Parallel Studio Eval
Try the new software tools for yourself. Speed compiling, find bugs
proactively, and fine-tune applications for parallel performance.
See why Intel Parallel Studio got high marks during beta.
http://p.sf.net/sfu/intel-sw-dev
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users