SFSnortPacket: Problem when getting packet payload

[Hai Minh Nguyen <lightsea90 () gmail com>]

Hi,

I'm writing a dynamic preprocessor which examines all packet payload. I
found that SFSnortPacket contained 2 members: payload (pointer) and
payload_size. I used these 2 members to read packet payload. But when I
tested with those packets of a HTTP stream (definitely payload existed), it
shown that payload_size = 0 and payload != NULL. I thought if payload_size
= 0 then payload = NULL :|

My questions:

1. If payload_size = 0, there's no payload, just header and payload = NULL.
Is this true? What about my case?

2. How to examine packet payload? (Is that my way right? How to fix? Any
other solution?)

-- 
Kiếm ma độc cô cầu bại - Ôi, một đời oanh liệt, chỉ mong được chiến bại một
lần, nhưng chưa ai qua nổi quá tam chiêu!!!

------------------------------------------------------------------------------
AlienVault Unified Security Management (USM) platform delivers complete
security visibility with the essential security capabilities. Easily and
efficiently configure, manage, and operate all of your security controls
from a single console and one unified framework. Download a free trial.
http://p.sf.net/sfu/alienvault_d2d

_______________________________________________
Snort-devel mailing list
Snort-devel () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-devel
Archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-devel

Please visit http://blog.snort.org for the latest news about Snort!