Snort mailing list archives
Re: [PATCH] Null p->eh in DecodeEthPkt if discarding packet
From: Joel Esler <jesler () sourcefire com>
Date: Mon, 28 Nov 2011 08:18:38 -0500
Thanks Joshua. This, and your other patches, have been entered into the system. On Nov 28, 2011, at 6:31 AM, Joshua Kinard wrote:
Hi snort-devel, Hope everyone had a great holiday! Here to pass along a minor patch for a (presumed) typo in src/decode.c. In DecodeEthPkt(), if the ethernet frame is truncated and will be discarded, then p->eh should be set to NULL, not p->iph (I suspect this was just copied almost-verbatim from DecodeIP()'s version). I also fix a comment I noticed, too. Patch is against 2.9.2 beta. Any feedback on the ether_type patch I sent in a little over two weeks ago or the fast-pattern/SMTP preprocessor bug by chance (if it is a bug)? Also, is there a list of tools needed to convert the TeX code to the Snort Manual PDF? Thanks! -- Joshua Kinard Gentoo/MIPS kumba () gentoo org 4096R/D25D95E3 2011-03-28 "The past tempts us, the present confuses us, the future frightens us. And our lives slip away, moment by moment, lost in that vast, terrible in-between." --Emperor Turhan, Centauri Republic <snort-2.9.2-decodeethpkt-null-eh.patch>------------------------------------------------------------------------------ All the data continuously generated in your IT infrastructure contains a definitive record of customers, application performance, security threats, fraudulent activity, and more. Splunk takes this data and makes sense of it. IT sense. And common sense. http://p.sf.net/sfu/splunk-novd2d_______________________________________________ Snort-devel mailing list Snort-devel () lists sourceforge net https://lists.sourceforge.net/lists/listinfo/snort-devel Please visit http://blog.snort.org for the latest news about Snort!
------------------------------------------------------------------------------ All the data continuously generated in your IT infrastructure contains a definitive record of customers, application performance, security threats, fraudulent activity, and more. Splunk takes this data and makes sense of it. IT sense. And common sense. http://p.sf.net/sfu/splunk-novd2d _______________________________________________ Snort-devel mailing list Snort-devel () lists sourceforge net https://lists.sourceforge.net/lists/listinfo/snort-devel Please visit http://blog.snort.org for the latest news about Snort!
Current thread:
- [PATCH] Null p->eh in DecodeEthPkt if discarding packet Joshua Kinard (Nov 28)
- Re: [PATCH] Null p->eh in DecodeEthPkt if discarding packet Joel Esler (Nov 28)
- Re: [PATCH] Null p->eh in DecodeEthPkt if discarding packet Ryan Jordan (Nov 28)
- Re: [PATCH] Null p->eh in DecodeEthPkt if discarding packet Joshua Kinard (Nov 28)