Snort mailing list archives
Re: [PATCH] Null p->eh in DecodeEthPkt if discarding packet
From: Russ Combs <rcombs () sourcefire com>
Date: Fri, 20 Jan 2012 17:13:15 -0500
Joshua, thanks for submitting the patches. Comments below.

On Mon, Nov 28, 2011 at 6:31 AM, Joshua Kinard <kumba () gentoo org> wrote:
> Hi snort-devel,
>
> Hope everyone had a great holiday! Here to pass along a minor patch for a (presumed) typo in src/decode.c. In DecodeEthPkt(), if the ethernet frame is truncated and will be discarded, then p->eh should be set to NULL, not p->iph (I suspect this was just copied almost-verbatim from DecodeIP()'s version). I also fix a comment I noticed, too.

The intent was to clear the ip4 header pointer, but in that particular place there is no need to clear either that or the eth pointer, as neither have been set and there is a memset() to clear that portion of the packet struct a few lines earlier. So that line was deleted. Also, I use "iff" to mean "if and only if". Sorry for the confusion.

> Patch is against 2.9.2 beta. Any feedback on the ether_type patch I sent in a little over two weeks ago or the fast-pattern/SMTP preprocessor bug by chance (if it is a bug)? Also, is there a list of tools needed to convert the TeX code to the Snort Manual PDF?

The other patches are in the queue. Thanks for contributing.

> Thanks!
> --
> Joshua Kinard Gentoo/MIPS kumba () gentoo org 4096R/D25D95E3 2011-03-28
> "The past tempts us, the present confuses us, the future frightens us. And our lives slip away, moment by moment, lost in that vast, terrible in-between." --Emperor Turhan, Centauri Republic
_______________________________________________ Snort-devel mailing list Snort-devel () lists sourceforge net https://lists.sourceforge.net/lists/listinfo/snort-devel Please visit http://blog.snort.org for the latest news about Snort!
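
The point made in the reply above (the decoded-header pointers are cleared by a memset() before the length check, so the truncated-frame path has nothing left to reset), as an added example that is not Snort's code. The structs, field layout and function names are simplified assumptions for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Simplified stand-ins (assumptions); not Snort's real structures. */
typedef struct { uint8_t dst[6], src[6], type[2]; } EthHdr;   /* 14 bytes */
typedef struct { uint8_t bytes[20]; } IPv4Hdr;                /* fixed part only */

typedef struct {
    const uint8_t *pkt;      /* raw capture */
    uint32_t caplen;         /* captured length */
    const EthHdr *eh;        /* decoded-layer pointers start here */
    const IPv4Hdr *iph;
} Packet;

/* Returns 0 when the Ethernet header decoded, -1 when the frame is discarded. */
int decode_eth(Packet *p, const uint8_t *pkt, uint32_t caplen)
{
    /* Clear every decoded-layer pointer before looking at the new frame. */
    memset((uint8_t *)p + offsetof(Packet, eh), 0,
           sizeof(*p) - offsetof(Packet, eh));
    p->pkt = pkt;
    p->caplen = caplen;

    if (caplen < sizeof(EthHdr))
        return -1;           /* truncated: eh/iph are already NULL, nothing to reset */

    p->eh = (const EthHdr *)pkt;
    if (p->eh->type[0] == 0x08 && p->eh->type[1] == 0x00 &&
        caplen - sizeof(EthHdr) >= sizeof(IPv4Hdr))
        p->iph = (const IPv4Hdr *)(pkt + sizeof(EthHdr));
    return 0;
}

/* Reuse one Packet for a full frame, then a truncated one (constructed bytes).
 * Returns 1 if no stale pointer survives the discarded decode. */
int reuse_leaves_no_stale_pointers(void)
{
    uint8_t frame[34] = {0};
    Packet p;
    frame[12] = 0x08; frame[13] = 0x00;          /* EtherType IPv4 */
    if (decode_eth(&p, frame, sizeof(frame)) != 0 || !p.eh || !p.iph)
        return 0;
    if (decode_eth(&p, frame, 10) != -1)          /* only 10 bytes captured */
        return 0;
    return p.eh == NULL && p.iph == NULL;
}

int main(void) { return reuse_leaves_no_stale_pointers() ? 0 : 1; }
```

Code that consumes the packet after a discarded decode still has to test `eh` and `iph` for NULL before dereferencing them.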