Re: snort-inline segfault with -b

[Rob McMillen <rvmcmil () cablespeed com>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Thanks for pointing this out.  I will make sure it is fixed for the next 
release of snort-inline.  The problem is that pcap is not initialized when 
the -Q is used; therefore, it cannot use the pcap_dump_open.

Thanks again,

Rob

On Fri, 21 Feb 2003, Katriel Traum wrote:

> Hello list,
>
> I've been trying to use snort as a GIDS with snort-inline.
> When trying to run snort in inline mode (-Q) along side with tcpdump logging
> (-b), I get a segfault (same goes when trying
> output log_tcpdump: /var/log/snort/tcpdump.log)
> I've run it through "gdb", and found out that it segfaults at a function
> called pcap_dump_open(), which after checking is the function that opens the
> pcap dump file.
> When running snort-inline with only -b or only -Q, nothing happens.
>
> Anyone else using snort-inline for data-capture/control?
> Has anyone seen or experienced something like this?
>
> Thanks,

-----BEGIN PGP SIGNATURE-----
Version: PGP 6.5.8
Comment: Made with pgp4pine 1.76

iQA/AwUBPlaev/nAyY+9KLjdEQLTYACfWjjyurLE+76igA5+UNZtkPIHmJIAoO8G
ucnHE7qnTy0dxG381T0+OSwc
=romv
-----END PGP SIGNATURE-----