[Snort-devel] Re: spp_defrag.c 1.0b20

Christopher Cramer cec at ...56...
Wed Sep 20 10:21:05 EDT 2000

Well, I've been running two versions side by side on the same box under
gdb and we seem to have a winner!  The unpatched version usually crashes
within 2 minutes (spp_defrag on a created packet), the latest has been
running for 2 hours at least, both are working on the same input packets.


On Tue, 19 Sep 2000, Dragos Ruiu wrote:

> On Mon, 18 Sep 2000, Dragos Ruiu wrote:
> > On Mon, 18 Sep 2000, Christopher Cramer wrote:
> > > This is what causes the screw up.  Adding 2 bytes of padding at p->eh
> > > aligns things properly.  This may be why libpcap passes around two
> > > pointers, one for pkth and one for pkt, instead of just pkth and assume we
> > > know where pkt is.
> > I'll add the pad and circulate ASAP
> is Beta 20 the magic Solaris happy version?
> Only you sparc enabled gentlemen can tell....  I just chaged the "magic" pad
> factor to two.... I knew I was on the right track... just that four should
> have been a 2:-)
> I've removed some of the older klugey temporary variable bs
> because theoretically it should no longer be necessary (famous last 
> words :-). If someone can successfully run this for one full day without a
> crash I'll release it and give it a permanent home on kyx.net or somewhere 
> in preparation for V2.0.
> Cross your toes,
> --dr
> -- 
> Dragos Ruiu <dr at ...9...>  dursec.com ltd. / kyx.net - we're from the future 
> gpg/pgp key on file at wwwkeys.pgp.net

More information about the Snort-devel mailing list