[Snort-devel] Version 1.7-beta6: snort.c

Phil Wood cpw at ...86...
Wed Nov 29 15:54:09 EST 2000


Folks,

I have a suggestion for the OpenPcap subroutine.  IMHO it would be 
appropriate to check for 'pv.interfaces[num] == NULL' inside the
conditional dealing with reading packets off a network interface.

This would avoid erroneous commentary about 'eth#' or whatever, if the
user selected to read packets from a tcpdump formatted file.

While I was at it, I moved the printf related to "Initializing Network
Interface" also, and added one to print out the name of the file being
read, if so indicated.

The following diff will be offset line number-wise, because of some cruft
I've inserted to handle local pcap differences.

Thanks,

Phil

(snort.c.new has my modifications)

*** snort.c	Wed Nov 29 13:08:32 2000
--- snort.c.new	Wed Nov 29 13:44:18 2000
*** 1367,1370 ****
--- 1367,1373 ----
      bpf_u_int32 defaultnet = 0xFFFFFF00;
  
+     /* if we're not reading packets from a file */
+     if (!pv.readmode_flag)
+     {
          if (pv.interfaces[num] == NULL)
          {
***************
*** 1388,1394 ****
  	printf("\nInitializing Network Interface %s\n", pv.interfaces[num]);
      }
-     /* if we're not reading packets from a file */
-     if (!pv.readmode_flag)
-     {
  	if (pv.pkt_snaplen)	/* if it's set let's try it... */
  	{
--- 1391,1394 ----
***************
*** 1421,1425 ****
  #endif
      } else
!     {				/* reading packets from a file */
  	/* open the file */
  	pds[num] = pcap_open_offline(intf, errorbuf);
--- 1421,1429 ----
  #endif
      } else
!     {
!         if (!pv.quiet_flag)
!         {
!     	    printf("\nReading network traffic from %s\n", intf);
!         }
  	/* open the file */
  	pds[num] = pcap_open_offline(intf, errorbuf);



More information about the Snort-devel mailing list