Snort mailing list archives

Error after using snort2lua to ET_Open ruleset for Snort2.9.0


From: "??????" <1294972664 () qq com>
Date: Mon, 6 Jun 2016 18:47:43 +0800

Hi, all,


I want to use snort2lua, which is bundled with Snort3.0, to change the ET Open ruleset for Snort 2.9.0 to be used by
Snort3. However, although this transformation is successful after filtering out unsupported options (e.g. distance,
ftpbounce), Snort3 will prompt ERRORS when loading the rules. These messages are shown below. It's very odd, because although
it prompts me that "fast_pattern_offset must be less than the actual pattern length which is 0", the corresponding rule
doesn't use the "fast_pattern" keyword. There is too little information about Snort3, and I cannot find a solution, although
the sample.rules works successfully. Who can give me a hand? Thank you very much.


Error message:
--------------------------------------------------------------------------------------------------------------------------------
Loading /home/sanshang/files/nids/experiment/ruleset/ET_open_snort_2.9.0/all_rules_for_snort3.self.rules.
rules:
ERROR: /home/sanshang/files/nids/experiment/ruleset/ET_open_snort_2.9.0/all_rules_for_snort3.self.rules.r
ules:651 invalid byte code at 24
ERROR: /home/sanshang/files/nids/experiment/ruleset/ET_open_snort_2.9.0/all_rules_for_snort3.self.rules.r
ules:651 fast_pattern_offset must be less than the actual pattern length which is 0.
ERROR: /home/sanshang/files/nids/experiment/ruleset/ET_open_snort_2.9.0/all_rules_for_snort3.self.rules.r
ules:651 can't finalize content
ERROR: /home/sanshang/files/nids/experiment/ruleset/ET_open_snort_2.9.0/all_rules_for_snort3.self.rules.$
ules:905 invalid byte code at 15
ERROR: /home/sanshang/files/nids/experiment/ruleset/ET_open_snort_2.9.0/all_rules_for_snort3.self.rules.$
ules:905 fast_pattern_offset must be less than the actual pattern length which is 0.
ERROR: /home/sanshang/files/nids/experiment/ruleset/ET_open_snort_2.9.0/all_rules_for_snort3.self.rules.$
ules:905 can't finalize content
ERROR: /home/sanshang/files/nids/experiment/ruleset/ET_open_snort_2.9.0/all_rules_for_snort3.self.rules.$
ules:927 invalid byte code at 8
ERROR: /home/sanshang/files/nids/experiment/ruleset/ET_open_snort_2.9.0/all_rules_for_snort3.self.rules.$
ules:927 fast_pattern_offset must be less than the actual pattern length which is 0.
ERROR: /home/sanshang/files/nids/experiment/ruleset/ET_open_snort_2.9.0/all_rules_for_snort3.self.rules.$
ules:927 can't finalize content
ERROR: /home/sanshang/files/nids/experiment/ruleset/ET_open_snort_2.9.0/all_rules_for_snort3.self.rules.$
ules:963 invalid byte code at 9
ERROR: /home/sanshang/files/nids/experiment/ruleset/ET_open_snort_2.9.0/all_rules_for_snort3.self.rules.$
ules:963 fast_pattern_offset must be less than the actual pattern length which is 0.
ERROR: /home/sanshang/files/nids/experiment/ruleset/ET_open_snort_2.9.0/all_rules_for_snort3.self.rules.$
ules:963 can't finalize content
ERROR: /home/sanshang/files/nids/experiment/ruleset/ET_open_snort_2.9.0/all_rules_for_snort3.self.rules.$
ules:997 invalid byte code at 9
ERROR: /home/sanshang/files/nids/experiment/ruleset/ET_open_snort_2.9.0/all_rules_for_snort3.self.rules.$
ules:997 fast_pattern_offset must be less than the actual pattern length which is 0.
ERROR: /home/sanshang/files/nids/experiment/ruleset/ET_open_snort_2.9.0/all_rules_for_snort3.self.rules.$
ules:997 can't finalize content

... ... 
----------------------------------------------------------------------------------------------------------------------------------
_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-sigs
http://www.snort.org

