Snort mailing list archives

[PATCHES] Fixes for daq_nfq

From: Kelvie Wong <kwong () wurldtech com>
Date: Mon, 25 Oct 2010 14:18:50 -0700

Attached is a patch that fixes a couple of issues (I think they are issues, 
anyways...) we have found in the NFQ DAQ module in Snort 2.9.0.

nfq_get_timestamp (for us) often returns -1, trying to tell us that it does 
not have a timestamp for this packet, and the first part of this patch just 
uses the current time when writing the packet header.  Many parts of snort 
seem to depend on having a valid timestamp in the packet header, so this would 
definitely break it.

The second part of the patch removes the return statement from the packet 
handling loop inside the NFQ DAQ -- under certain conditions, 
nfq_handle_packet will break and return early (before calling the callback); 
this causes snort to either freeze or exit, both undesirable outcomes, 
especially when Snort is being used in inline mode.

If any of these changes are terribly shortsighted or just plain wrong, please 
let me know.  I haven't delved that deep into the Snort code yet.

-- 
Kelvie Wong
Software Developer

Wurldtech Security Technologies Inc.
Suite 1680 - 401 West Georgia St.
Vancouver, B.C.  V6B 5A1
Canada

Phone:       + 1.604.669.6674
Toll Free:   + 1.877.369.6674
Fax:           + 1.604.669.2902
Website:    http://www.wurldtech.com/

"ARE YOU ACHILLES CERTIFIED?"

This message is intended only for the named recipients. This message
may contain information that is privileged, confidential or exempt
from disclosure under applicable law. Any dissemination or copying
of this message by anyone other than a named recipient is strictly
prohibited. If you are not a named recipient or an employee or agent
responsible for delivering this message to a named recipient, please
notify us immediately by telephone at 604-669-6674, and permanently
destroy this message and any copies you may have. Email may not be
secure unless properly encrypted.

Attachment: daq-0.2-nfq-fixes.patch
Description:

------------------------------------------------------------------------------
Nokia and AT&T present the 2010 Calling All Innovators-North America contest
Create new apps & games for the Nokia N8 for consumers in  U.S. and Canada
$10 million total in prizes - $4M cash, 500 devices, nearly $6M in marketing
Develop with Nokia Qt SDK, Web Runtime, or Java and Publish to Ovi Store 
http://p.sf.net/sfu/nokia-dev2dev

_______________________________________________
Snort-devel mailing list
Snort-devel () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-devel

Current thread:

[PATCHES] Fixes for daq_nfq Kelvie Wong (Oct 25)
- Re: [PATCHES] Fixes for daq_nfq Russ Combs (Oct 25)
  - Re: [PATCHES] Fixes for daq_nfq Russ Combs (Nov 02)
    - Re: [PATCHES] Fixes for daq_nfq Kelvie Wong (Nov 02)
    - Re: [PATCHES] Fixes for daq_nfq Russ Combs (Dec 09)