Snort mailing list archives

Where to put new protocol header object in Packet structure given in decode.h


From: Awais Ali via Snort-devel <snort-devel () lists snort org>
Date: Thu, 18 Jun 2020 20:30:39 +0200

Hello all,
I wrote a new decoder function for a layer 2 protocol in the decode.c file and
defined the header of that protocol as a structure in decode.h. To use the
same Packet as given by Snort, I declared the header object in "struct
_Packet" at the end of the structure like this:

typedef struct _Packet
{
    const DAQ_PktHdr_t *pkth;    // packet meta data
    const uint8_t *pkt;         // raw packet data

    //vvv------------------------------------------------
    // TODO convenience stuff to be refactored for layers
    //^^^------------------------------------------------

    //vvv-----------------------------
    EtherARP *ah;
    const EtherHdr *eh;         /* standard TCP/IP/Ethernet/ARP headers */
    const VlanTagHdr *vh;
    EthLlc *ehllc;
    EthLlcOther *ehllcother;
    const PPPoEHdr *pppoeh;     /* Encapsulated PPP of Ether header */
    const GREHdr *greh;
    uint32_t *mpls;
    const CiscoMetaHdr *cmdh;                /* Cisco Metadata Header */

    const IPHdr *iph, *orig_iph;/* and orig. headers for ICMP_*_UNREACH family */
    const IPHdr *inner_iph;     /* if IP-in-IP, this will be the inner IP header */
    const IPHdr *outer_iph;     /* if IP-in-IP, this will be the outer IP header */
    const TCPHdr *tcph, *orig_tcph;
    const UDPHdr *udph, *orig_udph;
    const UDPHdr *inner_udph;   /* if Teredo + UDP, this will be the inner UDP header */
    const UDPHdr *outer_udph;   /* if Teredo + UDP, this will be the outer UDP header */
    const ICMPHdr *icmph, *orig_icmph;
    .
    .
    .
    .

    uint8_t ps_proto;  // Used for portscan and unified2 logging

    uint8_t ips_os_selected;
    void    *cur_pp;
    // Expected session created due to this packet.
    struct _ExpectNode* expectedSession;
    const GOOSEHdr *gooseh; /* Goose Header */  // <<------ This is my new protocol header object
} Packet;

It works fine and decodes the newly added protocol as expected, but there is
one issue: it disturbs other traffic and gives an assertion error like
this:

snort: snort_stream_tcp.c:3407: StreamUpdatePerfBaseState: Assertion `sf_base->iSessionsInitializing' failed.
Aborted (core dumped)

When I remove const GOOSEHdr *gooseh; I don't get this error. My
question is: where should I put this new protocol header object so that I
don't get such assertion errors? Can someone explain to me how this Packet
structure is being used and populated in SNORT2?

Sorry for the long email. I hope you people will cooperate in this regard.

Thanks,
Awais Ali