[Snort-devel] "ERROR: Bad CIDR size [255], 1 to 32 please!" when using $_ADDRESS

Brian Korver briank at ...1363...
Tue May 7 10:28:01 EDT 2002

I tried setting $HOME_NET using $<interface>_ADDRESS:

    var HOME_NET $fxp0_ADDRESS

but I get a "ERROR: Bad CIDR size [255], 1 to 32 please!" failure when
it comes to the

    preprocessor spade-homenet: $EXTERNAL_NET

directive in my snort.conf file.  Note that I've got the following in


It's obvious what is happening: DefineIfaceVar() is setting the
variable to be a netmask, not a CIDR size:

    void DefineIfaceVar(char *iname, u_char * network, u_char * netmask)
    snprintf(valbuf, 32, "%d.%d.%d.%d/%d.%d.%d.%d",

so, SpadeHomenetInit() ends up being called with 


but spp_anomsensor.c:create_netlist() is expecting a CIDR size and
can't deal with the netmask.

My guess is that having DefineIfaceVar() specify a CIDR size instead
of a netmask would do the trick, but what else would that break?

briank at ...1363...

More information about the Snort-devel mailing list