[Snort-devel] problem with Snort! Version 1.7-beta5 rules.c

Phil Wood cpw at ...86...
Mon Nov 27 11:28:35 EST 2000


Folks,

! is broken on source and destination ip addresses.  The following patch
seems to work for me.  But please don't take as gospel.

Thanks,

Phil

*** rules.c.old	Sun Nov 26 08:21:56 2000
--- rules.c	Sun Nov 26 19:40:01 2000
***************
*** 3784,3787 ****
--- 3784,3788 ----
              printf("  SIP match\n");
  #endif
+ 	    if(idx->addr_flags & EXCEPT_IP) break;
              /* the packet matches this test, proceed to the next test */
              return fp_list->next->RuleHeadFunc(p, rtn_idx, fp_list->next);
***************
*** 3882,3885 ****
--- 3883,3887 ----
                  printf("  DIP match\n");
  #endif
+ 		if(idx->addr_flags & EXCEPT_IP) break;
                  return fp_list->next->RuleHeadFunc(p, rtn_idx, fp_list->next);
          }




More information about the Snort-devel mailing list