[Snort-users] BUG of "config bpf_file"

Phil Wood cpw at ...440...
Wed May 1 07:43:25 EDT 2002


On Wed, May 01, 2002 at 04:07:26PM +0800, Peng Yong wrote:
> 
> i have a flowing line in snort.conf:
> 
> config bpf_file: snort.bpf
> 
> and the content of snort.bpf:
> 
> tcp port 80
> 
> 
> but bpf_file config in snort rules file can't set filter to bpf.
> 
> i check the code in snort.c and find snort pcap_compile the filter
> before parse the snort.bpf.
Not in my version.  Try using gdb and set a breakpoint just before the
pcap_setfilter call and look at the contents of pv.pcap_cmd.  If it's
still null, you probably need to upgrade to a current snort.
> 
> 
> 
> --
> Peng Yong                     Email: ppyy at ...5444...
> Bentium Ltd.                  URL: http://www.cn99.com
> 

-- 
Phil Wood, cpw at ...440...





More information about the Snort-users mailing list