[Snort-devel] Weekend patches

Christopher Cramer cec at ...56...
Sun Oct 29 23:08:41 EST 2000


This is my fault.  I saw the error Friday but didn't have time to fix the
patch.  The TCP, UDP and ICMP checksums set the flag if the returned
checksum is == 0, this should of course be !=.  I'll submit the
fix Monday.


On Sun, 29 Oct 2000, Martin Roesch wrote:

> Hi guys,
>     I've done a bit of coding this weekend and added or fixed a bunch of stuff
> in CVS.  Right now, I've got the snprintf code working (apparently) on all
> platforms in the house (Sparc, Alpha, x86,
> Linux/OpenBSD/FreeBSD/Solaris/Tru64), so that little hurdle has been jumped. 
> I integrated Chris Cramer's checksumming code into the system this morning,
> but there's a problem.  The checksums for the IP headers are working fine, but
> the transport checksums *always* come back bad (compile with -DDEBUG to see it
> in action).
>      I've also gone thru the decoder and converted all data types to explicit
> bit widths to avoid confusion on 64-bit architectures (Alpha), as well as
> going through and updating a lot of comments in the decode.c file.  There's a
> bunch of other stuff that's been tweaked as well, here's the list:
>
> Stuff added/fixed this weekend:
> * Chris Cramer's Checksum patches
> * snprintf on Tru64
> * configure script for snprintf inclusion
> * Tighter bitwise specific types for decoders (for 64-bit decoding on Alpha)
> * tcpdump plugin cleans up log file if no data has been written to log before
> shutdown (no more 24-byte files laying around the hard drive)
> * re-indented decode.c file
> * updated comments in decode.c
> * touched up plugbase.h to fix header file includes for the ioctls that are
> being called
> * UID=0 check added at startup time, Snort doesn't allow non-root users to
> even get started
>
> Problems:
> * Transport layer checksumming doesn't work right currently
> * XML plugin won't compile on OpenBSD due to some problem with rsa.h
>
> Jed, XML isn't compiling correctly on OpenBSD right now, if you want to give
> it a try you can log into elric and try your hand at fixing it.
>      -Marty
> -- 
> Martin Roesch
> roesch at ...48...
> http://www.snort.org
> _______________________________________________
> Snort-devel mailing list
> Snort-devel at lists.sourceforge.net
> http://lists.sourceforge.net/mailman/listinfo/snort-devel
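
Added example, not part of the original thread and not Snort's code: an RFC 1071 checksum verification for UDP over the pseudo-header, showing why the "bad checksum" flag must be set when the result is != 0. All function names are hypothetical, and the sample datagram is constructed.

```c
#include <stdint.h>
#include <stdio.h>

/* RFC 1071 one's-complement sum over big-endian 16-bit words. */
static uint32_t ones_sum(const uint8_t *p, size_t len, uint32_t sum)
{
    for (; len > 1; p += 2, len -= 2)
        sum += (uint32_t)p[0] << 8 | p[1];
    if (len)
        sum += (uint32_t)p[0] << 8;   /* odd trailing byte, zero padded */
    return sum;
}

/* Checksum over pseudo-header + UDP datagram. Run over a received datagram
 * (checksum field included) it returns 0 when the datagram is intact. */
uint16_t udp_sum(const uint8_t src[4], const uint8_t dst[4],
                 const uint8_t *udp, size_t len)
{
    uint8_t ph[12] = {src[0], src[1], src[2], src[3], dst[0], dst[1], dst[2], dst[3],
                      0, 17 /* UDP */, (uint8_t)(len >> 8), (uint8_t)len};
    uint32_t sum = ones_sum(udp, len, ones_sum(ph, sizeof ph, 0));
    while (sum >> 16)                  /* fold carries back into 16 bits */
        sum = (sum & 0xffff) + (sum >> 16);
    return (uint16_t)~sum;
}

int bad_flag_inverted(uint16_t r) { return r == 0; }  /* comparison as reported */
int bad_flag_fixed(uint16_t r)    { return r != 0; }  /* comparison after the fix */

/* Constructed sample: 10.0.0.1:53 -> 10.0.0.2:1024, payload "hello" (odd length). */
uint16_t sample_result(int corrupt)
{
    static const uint8_t src[4] = {10, 0, 0, 1}, dst[4] = {10, 0, 0, 2};
    uint8_t d[13] = {0x00, 0x35, 0x04, 0x00, 0x00, 0x0d, 0, 0, 'h', 'e', 'l', 'l', 'o'};
    uint16_t c = udp_sum(src, dst, d, sizeof d);  /* field is zero: sender side */
    d[6] = (uint8_t)(c >> 8);
    d[7] = (uint8_t)c;
    if (corrupt)
        d[8] ^= 0x01;                  /* one flipped bit in the payload */
    return udp_sum(src, dst, d, sizeof d);        /* receiver side */
}

int main(void)
{
    uint16_t ok = sample_result(0), bad = sample_result(1);
    printf("intact: 0x%04x  corrupted: 0x%04x\n", (unsigned)ok, (unsigned)bad);
    return 0;
}
```

With the == 0 comparison every intact datagram is flagged bad and a corrupted one passes, which matches the symptom described in the quoted message.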
