Re: [PATCH] Null p->eh in DecodeEthPkt if discarding packet

[Russ Combs <rcombs () sourcefire com>]

Joshua, thanks for submitting the patches.  Comments below.

On Mon, Nov 28, 2011 at 6:31 AM, Joshua Kinard <kumba () gentoo org> wrote:

> Hi snort-devel,
>
> Hope everyone had a great holiday!  Here to pass along a minor patch for a
> (presumed) typo in src/decode.c.  In DecodeEthPkt(), if the ethernet frame
> is truncated and will be discarded, then p->eh should be set to NULL, not
> p->iph (I suspect this was just copied almost-verbatim from DecodeIP()'s
> version).  I also fix a comment I noticed, too.

The intent was to clear the ip4 header pointer, but in that particular
place there is no need to clear either that or the eth pointer, as neither
have been set and there is a memset() to clear that portion of the packet
struct a few lines earlier.  So that line was deleted.

Also, I use "iff" to mean "if and only if".  Sorry for the confusion.

> Patch is against 2.9.2 beta.
>
> Any feedback on the ether_type patch I sent in a little over two weeks ago
> or the fast-pattern/SMTP preprocessor bug by chance (if it is a bug)?
>  Also,
> is there a list of tools needed to convert the TeX code to the Snort
> Manual PDF?
>
> The other patches are in the queue.  Thanks for contributing.

> Thanks!
>
> --
> Joshua Kinard
> Gentoo/MIPS
> kumba () gentoo org
> 4096R/D25D95E3 2011-03-28
>
> "The past tempts us, the present confuses us, the future frightens us.  And
> our lives slip away, moment by moment, lost in that vast, terrible
> in-between."
>
> --Emperor Turhan, Centauri Republic
>
>
> ------------------------------------------------------------------------------
> All the data continuously generated in your IT infrastructure
> contains a definitive record of customers, application performance,
> security threats, fraudulent activity, and more. Splunk takes this
> data and makes sense of it. IT sense. And common sense.
> http://p.sf.net/sfu/splunk-novd2d
> _______________________________________________
> Snort-devel mailing list
> Snort-devel () lists sourceforge net
> https://lists.sourceforge.net/lists/listinfo/snort-devel
>
> Please visit http://blog.snort.org for the latest news about Snort!
------------------------------------------------------------------------------
Keep Your Developer Skills Current with LearnDevNow!
The most comprehensive online learning library for Microsoft developers
is just $99.99! Visual Studio, SharePoint, SQL - plus HTML5, CSS3, MVC3,
Metro Style Apps, more. Free future releases when you subscribe now!
http://p.sf.net/sfu/learndevnow-d2d

_______________________________________________
Snort-devel mailing list
Snort-devel () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-devel

Please visit http://blog.snort.org for the latest news about Snort!