Snort mailing list archives
Re: BUG of "config bpf_file"
From: Peng Yong <ppyy () staff cn99 com>
Date: Wed, 01 May 2002 23:41:53 +0800
> On Wed, May 01, 2002 at 04:07:26PM +0800, Peng Yong wrote:
> > I have the following line in snort.conf:
> >
> > config bpf_file: snort.bpf
> >
> > and the content of snort.bpf:
> >
> > tcp port 80
> >
> > but the bpf_file config in the snort rules file can't set the filter to bpf. I checked the code in snort.c and found that snort pcap_compiles the filter before parsing snort.bpf.
>
> Not in my version. Try using gdb and set a breakpoint just before the pcap_setfilter call and look at the contents of pv.pcap_cmd. If it's still null, you probably need to upgrade to a current snort.

I debugged snort with gdb before I sent the last email. pv.pcap_cmd is null when I set it in the rule file. It is OK when I set it on the command line. I also compiled a debug version of snort by:

./configure --enable-debug

and the debug information also reports the same information. I have tested 1.8.6 and the latest source from CVS.

--
Peng Yong
Email: ppyy () staff cn99 com
Bentium Ltd.
URL: http://www.cn99.com