long jumps not supported
Lenny Zeltser
lenny at zeltser.com
Thu Jun 1 21:48:58 EDT 2000
Dear folks,
I am in the process of setting up my tcpdump-based filter to perform basic
intrusion detection functions via "ra". The filter file documents all
traffic that is allowed, prefixed by a "not" as the outer-most expression,
so that "ra" reports all traffic that should not be present.
The filter file is approximately 700 characters long. I have reached a
point, however, where as soon as I add a new clause to the filter, "ra"
responds with the following error:
ra: expression: long jumps not supported
Is my filter file too long for the program to handle? If so, how do people
specify complex rules to the program?
Thanks,
-- Lenny
More information about the argus
mailing list