[Snort-devel] snort 1.7 on obsd 2.5

John Kinsella jlk at ...222...
Fri Jan 19 12:29:09 EST 2001

Hey guys...not sure if somebody's working this or not already...looks
like because of the addition of the mtu code in snort 1.7 it won't run
under OpenBSD 2.5...heard rumors on dejaNews about the same problem for 
2.6.  Been tinkering around with snort.c to see if I can get it working,
looks like when the call to GetIfrMTU (snort.c:1376) fails it isn't a
fatal error in and of itself...commenting out the if loop which tests at
1378 allows me to run 'snoop -v' and see output, but when I try to send my
rules at it ('snoop -i tun0 -v -c rules') it coredumps while trying to
Initialize rule chains.

Looking at the libpcap code, their configure script actually has
pcap_open_live() stay away from the ioctl tricks under obsd.  I tried
putting their MTU discovery code (basically divide size by 2 until buffer
is small enough) into the GetIfrMTU function, but still end up with a
buffer size of 0...anybody else playing with this?  Gotta go do the day
job now but I wouldn't mind getting this working if I can.

