Pantek Library
Hosting Provided By
CybrHost
High Speed Hosting
Mailing Lists: snort.org > snort-devel > 04 > 030993.html (Request Expert snort.org Support)

[Snort-devel] patch to get rid of UDP decoder messages with port=0

From: Ben Allen <benjamin(at)oitsec.umn.edu>
Date: Wed Mar 17 2004 - 22:39:47 EST


This follows the spirit of the changes mentioned in the ChangeLog

<<<< begin snippit from changelog
2003-05-13 Chris Green <cmg@sourcefire.com> [snip]

  • src/decode.c (DecodeTCP): move port number assignment above option decoding so people don't complain about decoder events on port 0.
    >>>>> end snippit from changelog

The patch is against decode.c v 1.102 from the FreeBSD port tree (snort v2.1.1).

The lines to fill in the p->sp & p->dp elements are moved up to the first point at which it is safe to assume that they are valid.

Thanks

Ben 

-- 
======================================================================
Benjamin Allen                                 benjamin@oitsec.umn.edu
U of MN - OIT                                             612-625-7885

      I try to take one day at a time, but sometimes several
         days attack me at once.  -- Ashleigh Brilliant

--- snort-2.1.1/src/decode.c Wed Mar 17 21:35:40 2004 +++ local/src/decode.c Wed Mar 17 21:36:58 2004 @@ -1,4 +1,4 @@ -/* $Id: decode.c,v 1.102 2003/10/20 15:03:17 chrisgreen Exp $ */ +/* $Id: decode.c,v 1.1 2004/03/18 03:36:56 benjamin Exp benjamin $ */ /* ** Copyright (C) 1998-2002 Martin Roesch <roesch@sourcefire.com> @@ -2356,6 +2356,10 @@ return; } + /* fill in the printout data structs */ + p->sp = ntohs(p->udph->uh_sport); + p->dp = ntohs(p->udph->uh_dport); + /* make sure there are enough bytes as designated by length field */ if(len < uhlen) { @@ -2410,10 +2414,6 @@ } DEBUG_WRAP(DebugMessage(DEBUG_DECODE, "UDP header starts at: %p\n", p->udph);); - - /* fill in the printout data structs */ - p->sp = ntohs(p->udph->uh_sport); - p->dp = ntohs(p->udph->uh_dport); p->data = (u_int8_t *) (pkt + UDP_HEADER_LEN); ------------------------------------------------------- This SF.Net email is sponsored by: IBM Linux Tutorials Free Linux tutorial presented by Daniel Robbins, President and CEO of GenToo technologies. Learn everything from fundamentals to system administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click _______________________________________________ Snort-devel mailing list Snort-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/snort-devel Received on Wed Mar 17 22:43:16 2004

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:08:10 EDT

Do you need help?X
Contact Us  Legal Notices  Order Services Online 
Pantek Home  Privacy Policy  IT news  Site Map  Pantek Library