[Snort-devel] Copying a packet

Andrew R. Baker andrewb0x29a at ...398...
Thu Oct 4 10:42:05 EDT 2001


If you look carefully at how snort decodes a packet, you will realize that
the Packet structure is just an overlay over the real captured packet.  If
you want to copy a packet, you should use the data pointed at by
Packet->pkt.  The length of the data to copy is at pkth->caplen.

-Andrew


--- Thomas Whipp <tkw at ...415...> wrote:
> Hi all,
> 
> 	something I am trying to do requires me to take a
> copy of a packet to hold for possible later use - however
> the Packet type has quite a lot of internal pointers so I
> can't just do a memcpy.  Is there some form of utility
> function that will make a safe copy of this struct - and a
> corresponding utility function that will free it?


__________________________________________________
Do You Yahoo!?
NEW from Yahoo! GeoCities - quick and easy web site hosting, just $8.95/month.
http://geocities.yahoo.com/ps/info1




More information about the Snort-devel mailing list