[Snort-devel] Re: unix sockets

Phil Wood cpw at ...86...
Wed Sep 26 14:24:02 EDT 2001


Damn, 

I sent the wrong diff.  Please try this one instead.

Later,

-- 
Phil Wood, cpw at ...86...

-------------- next part --------------
--- snort/snort.c	Tue Sep 25 21:10:20 2001
+++ snort+/snort.c	Wed Sep 26 21:22:06 2001
@@ -396,8 +396,6 @@
 
                 case ALERT_UNSOCK:
                     AddFuncToOutputList(SpoAlertUnixSock, NT_OUTPUT_ALERT, NULL);
-                    OpenAlertSock();
-
                     break;
 
                 case ALERT_STDOUT:
--- snort/log.c	Tue Sep 25 19:54:47 2001
+++ snort+/log.c	Wed Sep 26 21:22:06 2001
@@ -592,9 +592,8 @@
  *
  * Returns: void function
  */
-void OpenAlertSock()
+void OpenAlertSock( char *srv )
 {
-    char *srv = UNSOCK_FILE;
 
     if(access(srv, W_OK))
     {
--- snort/spo_alert_unixsock.c	Tue Sep 25 19:54:49 2001
+++ snort+/spo_alert_unixsock.c	Wed Sep 26 21:22:06 2001
@@ -104,11 +104,20 @@
  */
 void ParseAlertUnixSockArgs(char *args)
 {
+    char *srv = UNSOCK_FILE;
+
 #ifdef DEBUG
     printf("ParseAlertUnixSockArgs: %s\n", args);
 #endif
     /* eventually we may support more than one socket */
-    OpenAlertSock();
+    if (!args || *args == '\0')
+    {
+    	OpenAlertSock (srv);
+    }
+    else
+    {
+        OpenAlertSock(args);
+    }
 }
 
 /****************************************************************************
@@ -149,6 +158,10 @@
         bcopy((const void *)msg,(void *)alertpkt.alertmsg,
                strlen(msg)>ALERTMSG_LENGTH-1 ? ALERTMSG_LENGTH - 1 : strlen(msg));
     }
+    else
+    {
+	msg = "no message";
+    }
 
     /* some data which will help monitoring utility to dissect packet */
     if(!(alertpkt.val & NOPACKET_STRUCT))
@@ -181,8 +194,9 @@
 
 
     if(sendto(alertsd,(const void *)&alertpkt,sizeof(Alertpkt),
-              0,(struct sockaddr *)&alertaddr,sizeof(alertaddr))==-1)
+              0,(struct sockaddr *)&alertaddr,SUN_LEN(&alertaddr))==-1)
     {
+	    ErrorMessage ("SpoAlertUnixSock: msg: %s sendto error %s\n", msg, strerror(errno));
         /* whatever we do to sign that some alerts could be missed */
     }
 


More information about the Snort-devel mailing list