[Snort-devel] "ERROR: Bad CIDR size [255], 1 to 32 please!" when using $_ADDRESS

Brian Korver briank at ...1363...
Tue May 7 10:28:01 EDT 2002


I tried setting $HOME_NET using $<interface>_ADDRESS:

    var HOME_NET $fxp0_ADDRESS

but I get a "ERROR: Bad CIDR size [255], 1 to 32 please!" failure when
it comes to the

    preprocessor spade-homenet: $EXTERNAL_NET

directive in my snort.conf file.  Note that I've got the following in
snort.conf:

    var EXTERNAL_NET !$HOME_NET

It's obvious what is happening: DefineIfaceVar() is setting the
variable to be a netmask, not a CIDR size:

    void DefineIfaceVar(char *iname, u_char * network, u_char * netmask)
    ...
    snprintf(valbuf, 32, "%d.%d.%d.%d/%d.%d.%d.%d",
    ...

so, SpadeHomenetInit() ends up being called with 

    !198.144.201.192/255.255.255.240

but spp_anomsensor.c:create_netlist() is expecting a CIDR size and
can't deal with the netmask.

My guess is that having DefineIfaceVar() specify a CIDR size instead
of a netmask would do the trick, but what else would that break?

-brian
briank at ...1363...




More information about the Snort-devel mailing list