[Oisf-users] Can't apply BPF from file when PF_RING enabled? 2.1beta3

Victor Julien lists at inliniac.net
Tue Feb 10 15:57:02 UTC 2015


On 02/09/2015 07:06 PM, Brian Keefer wrote:
> I’m experiencing some strange behavior with 2.1beta3. When I
> specify an external BPF file, the filter fails to apply. When I
> copy & paste the exact same filter from the file and insert it as
> the value in the YAML config, it works. The error is from the
> PF_RING integration code, so maybe it’s a unique condition to
> PF_RING support?
> 
> Error when filter is set to file:
> 7/2/2015 -- 18:24:48 - <Info> - Set PF_RING bpf filter "/etc/suricata/bpf.filter" failed.
> 7/2/2015 -- 18:24:48 - <Info> - Set PF_RING bpf filter "/etc/suricata/bpf.filter" failed.
> 7/2/2015 -- 18:24:48 - <Info> - Set PF_RING bpf filter "/etc/suricata/bpf.filter" failed.
> 7/2/2015 -- 18:24:48 - <Info> - Set PF_RING bpf filter "/etc/suricata/bpf.filter" failed.
> 7/2/2015 -- 18:24:48 - <Info> - Set PF_RING bpf filter "/etc/suricata/bpf.filter" failed.
> 7/2/2015 -- 18:24:48 - <Info> - Set PF_RING bpf filter "/etc/suricata/bpf.filter" failed.
> 7/2/2015 -- 18:24:48 - <Info> - Set PF_RING bpf filter "/etc/suricata/bpf.filter" failed.
> 7/2/2015 -- 18:24:48 - <Info> - Set PF_RING bpf filter "/etc/suricata/bpf.filter" failed.
> 7/2/2015 -- 18:24:48 - <Info> - Set PF_RING bpf filter "/etc/suricata/bpf.filter" failed.
> 7/2/2015 -- 18:24:48 - <Info> - Set PF_RING bpf filter "/etc/suricata/bpf.filter" failed.
> 7/2/2015 -- 18:24:48 - <Info> - Set PF_RING bpf filter "/etc/suricata/bpf.filter" failed.
> 7/2/2015 -- 18:24:48 - <Info> - Set PF_RING bpf filter "/etc/suricata/bpf.filter" failed.
> 7/2/2015 -- 18:24:48 - <Info> - Set PF_RING bpf filter "/etc/suricata/bpf.filter" failed.
> 7/2/2015 -- 18:24:48 - <Info> - Set PF_RING bpf filter "/etc/suricata/bpf.filter" failed.

It looks like it considers the string "/etc/suricata/bpf.filter" to be
the filter instead of the contents of the file.

Are you sure you're loading the file with "-F
/etc/suricata/bpf.filter"? Omitting the "-F" could explain the above.

Cheers,
Victor

-- 
---------------------------------------------
Victor Julien
http://www.inliniac.net/
PGP: http://www.inliniac.net/victorjulien.asc
---------------------------------------------

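The diagnosis in the reply above can be run as a log check. This is an added example, not part of the original message or of Suricata's code: it pulls the filter string out of each "Set PF_RING bpf filter ... failed" line and flags strings that look like file paths. The function names, the leading-slash heuristic and the third sample line are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: spot a BPF file path that was handed over as the filter itself.

# Constructed sample in the log format quoted in the thread. The first two
# lines repeat the quoted message; the third is invented for contrast.
sample_log() {
cat <<'EOF'
7/2/2015 -- 18:24:48 - <Info> - Set PF_RING bpf filter "/etc/suricata/bpf.filter" failed.
7/2/2015 -- 18:24:48 - <Info> - Set PF_RING bpf filter "/etc/suricata/bpf.filter" failed.
7/2/2015 -- 18:24:49 - <Info> - Set PF_RING bpf filter "not host 10.0.0.1 and" failed.
EOF
}

# Read a log on stdin and print each distinct filter string that failed.
# Identical lines (one per capture thread) collapse to a single entry.
failed_filters() {
    sed -n 's/.*Set PF_RING bpf filter "\(.*\)" failed\..*/\1/p' | sort -u
}

# Heuristic (assumption): a BPF expression never starts with "/", "./" or
# "../", so a failed "filter" of that shape is a path, not an expression.
classify_filter() {
    case "$1" in
        /*|./*|../*) echo "path" ;;
        *)           echo "expression" ;;
    esac
}

# One finding per distinct failed filter, with the likely fix.
diagnose() {
    failed_filters | while IFS= read -r f; do
        if [ "$(classify_filter "$f")" = "path" ]; then
            echo "PATH-AS-FILTER: \"$f\" looks like a file; load it with -F $f"
        else
            echo "BAD-EXPRESSION: \"$f\" did not apply; check the BPF syntax"
        fi
    done
}

sample_log | diagnose
```

To check a real log, pipe it into `diagnose` in place of `sample_log`.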


