[Oisf-users] "suricata: double free or corruption" when I use bpf filter
Victor Julien
victor at inliniac.net
Wed Nov 9 17:04:29 UTC 2011
On 11/09/2011 05:51 PM, carlopmart wrote:
>> Can you try the attached patch?
>>
>
> Applying the patch works well, and compilation too ... Starting suricata:
>
> root at eorlingas:~# suricata -c /data/config/etc/suricata/suricata.yaml -i
> eth8 -F /data/config/etc/suricata/bpf.conf
> [21899] 9/11/2011 -- 16:48:26 - (runmode-pcap.c:140) <Info>
> (ParsePcapConfig) -- BPF filter set from command line or via old
> 'bpf-filter' option.
>
> ... uhmm, why is it saying "BPF filter set from command line or via old
> 'bpf-filter' option."??
I agree the output is confusing. What I think is happening is that you
can set a bpf filter in the config (suricata.yaml). If you add it on the
command line, like you did, it will tell you it uses that instead of the
one in the config.
> Anyway, seems it works ... Yes, works. Suricata only sees http traffic ...
Cool, thanks for your report!
--
---------------------------------------------
Victor Julien
http://www.inliniac.net/
PGP: http://www.inliniac.net/victorjulien.asc
---------------------------------------------