[PATCH] Null p->eh in DecodeEthPkt if discarding packet

[Joshua Kinard <kumba () gentoo org>]

Hi snort-devel,

Hope everyone had a great holiday!  Here to pass along a minor patch for a
(presumed) typo in src/decode.c.  In DecodeEthPkt(), if the ethernet frame
is truncated and will be discarded, then p->eh should be set to NULL, not
p->iph (I suspect this was just copied almost-verbatim from DecodeIP()'s
version).  I also fix a comment I noticed, too.

Patch is against 2.9.2 beta.

Any feedback on the ether_type patch I sent in a little over two weeks ago
or the fast-pattern/SMTP preprocessor bug by chance (if it is a bug)?  Also,
is there a list of tools needed to convert the TeX code to the Snort Manual PDF?


Thanks!

-- 
Joshua Kinard
Gentoo/MIPS
kumba () gentoo org
4096R/D25D95E3 2011-03-28

"The past tempts us, the present confuses us, the future frightens us.  And
our lives slip away, moment by moment, lost in that vast, terrible in-between."

--Emperor Turhan, Centauri Republic

Attachment: snort-2.9.2-decodeethpkt-null-eh.patch
Description:

------------------------------------------------------------------------------
All the data continuously generated in your IT infrastructure 
contains a definitive record of customers, application performance, 
security threats, fraudulent activity, and more. Splunk takes this 
data and makes sense of it. IT sense. And common sense.
http://p.sf.net/sfu/splunk-novd2d

_______________________________________________
Snort-devel mailing list
Snort-devel () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-devel

Please visit http://blog.snort.org for the latest news about Snort!