[Snort-users] BUG of "config bpf_file"
ppyy at ...5444...
Wed May 1 08:45:12 EDT 2002
> On Wed, May 01, 2002 at 04:07:26PM +0800, Peng Yong wrote:
> > i have a flowing line in snort.conf:
> > config bpf_file: snort.bpf
> > and the content of snort.bpf:
> > tcp port 80
> > but bpf_file config in snort rules file can't set filter to bpf.
> > i check the code in snort.c and find snort pcap_compile the filter
> > before parse the snort.bpf.
> Not in my version. Try using gdb and set a breakpoint just before the
> pcap_setfilter call and look at the contents of pv.pcap_cmd. If it's
> still null, you probably need to upgrade to a current snort.
I have debuged snort by gdb before i send last email.
the pv.pcap_cmd is null when i set it in the rule file. it is ok when i
set it in the command line.
i also compiled a debug version of snort by:
and the debug informantion also report same information.
I have testing 1.8.6 and latest source from CVS.
Peng Yong Email: ppyy at ...5444...
Bentium Ltd. URL: http://www.cn99.com
More information about the Snort-users