Snort mailing list archives

1.9.0 and PostgreSQL weirdness


From: Derek Glidden <dglidden () illusionary com>
Date: 14 Oct 2002 16:50:56 -0400


1) In response to a message I saw in the archives about 1.9.0 not
starting up correctly because it can't determine its sensor ID, I had
to modify the PostgreSQL DB schema such that "last_cid" would allow NULL
values.  

In Snort's connect() call to the database, if it can't find an existing
sensor id for that particular sensor, it attempts to do an INSERT that
leaves "last_cid" NULL, which will fail as the default schema has that
column constrained with NOT NULL.  Hence a new Snort 1.9.0 trying to
connect to an empty database will fail until the SENSOR table allows
NULLs in the last_cid column.  (Probably it could be fixed in the Snort
code more accurately by inserting a "0" or other value on the first
"INSERT" that sets the sid, but I don't know the snort code well enough
to know what implications that would have, while leaving it NULL seems
to not harm anything.)

2) for some reason, 1.9.0 compiled against the same PostgreSQL libraries
as the 1.8.7 that's been running will not make an SSL'ed connection
(postgres client libraries compiled with --with-openssl to enable the
SSL-tunneled connection autonegotiation) to my PostgreSQL database.

I can make SSL connections with psql no problem at all from the same
host from which snort cannot connect.

Has anyone else seen this problem or can think of a reason why it would
be failing?  I've looked through the db connect code in snort and it
isn't (as far as I can tell) doing anything to explicitly DIS-allow SSL
connections, and the libpq client code is supposed to negotiate SSL
automatically if the server supports it, and 1.8.7 worked just fine, so
I'm stumped.



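The failure described in point 1 and the schema workaround can be reproduced in a scratch schema with the SQL below, which is an added example and not taken from the post or from Snort's schema files. Only the names `sensor`, `sid` and `last_cid` come from the post; the `snort_demo` schema, the `hostname` column and the sample values are constructed, and the statements assume a current PostgreSQL release run through psql.

```sql
-- Constructed reproduction; everything is rolled back at the end.
BEGIN;
CREATE SCHEMA snort_demo;
SET LOCAL search_path TO snort_demo;

-- Minimal stand-in for the sensor table with the constraint the post describes.
CREATE TABLE sensor (
    sid      SERIAL PRIMARY KEY,
    hostname TEXT,               -- illustrative column
    last_cid INT8 NOT NULL
);

-- A first-time sensor registration that leaves last_cid unset.
SAVEPOINT first_insert;
INSERT INTO sensor (hostname) VALUES ('ids01.example');
-- ERROR: null value in column "last_cid" violates not-null constraint
ROLLBACK TO SAVEPOINT first_insert;

-- Workaround used in the post: allow NULL in last_cid.
ALTER TABLE sensor ALTER COLUMN last_cid DROP NOT NULL;
INSERT INTO sensor (hostname) VALUES ('ids01.example');   -- now succeeds

-- Schema-side analogue of the "insert a 0" idea from the post:
-- keep NOT NULL but give the column a default. Whether Snort treats
-- 0 the same way as NULL is not established by the post.
UPDATE sensor SET last_cid = 0 WHERE last_cid IS NULL;
ALTER TABLE sensor ALTER COLUMN last_cid SET DEFAULT 0;
ALTER TABLE sensor ALTER COLUMN last_cid SET NOT NULL;
INSERT INTO sensor (hostname) VALUES ('ids02.example');   -- succeeds, last_cid = 0

-- Both sensors are registered and no row has a NULL last_cid.
SELECT sid, hostname, last_cid FROM sensor ORDER BY sid;

ROLLBACK;
```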