Re: Cannot Open FIFO with "-r" in latest Snort Releases

[Todd Wease <twease () sourcefire com>]

I'll create a bug for this and respond.


Simon Dunstone wrote:
> Hi All,
>
> I'd like to report what I believe is a bug in recent Snort releases
> where a FIFO cannot be opened using the "-r" command line option.
>
> System Architecture: x86
> Operating System: RHEL5 v2.6.18-92.el5
> Snort Version: Reproduced error on v2.8.4 and v2.8.5.1
>
> This problem is most easily reproduced as follows:
>
>    1. Create a FIFO (mkfifo /tmp/test.fifo)
>    2. snort -r /tmp/test.fifo
>
> Snort produces the following error output:
>
> --== Initializing Snort ==--
> ...
> ...
> Specified pcap is not a regular file: /tmp/test.fifo
> ERROR: Error getting pcaps.
> Fatal Error, Quitting..
>
>
> I can confirm that this worked in v2.7.0.
>
> To get it working again locally I have modified line #5470 of
> "parser.c" to allow both S_IFREG and S_IFIFO modes.
>
> Let me know if you need any more information.
>
> Regards,
> Simon Dunstone


------------------------------------------------------------------------------
Come build with us! The BlackBerry(R) Developer Conference in SF, CA
is the only developer event you need to attend this year. Jumpstart your
developing skills, take BlackBerry mobile applications to market and stay 
ahead of the curve. Join us from November 9 - 12, 2009. Register now!
http://p.sf.net/sfu/devconference
_______________________________________________
Snort-devel mailing list
Snort-devel () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-devel