[Snort-devel] Commentary and patch for snort 1.8.3

Phil Wood cpw at ...86...
Thu Jan 10 13:58:02 EST 2002


Marty,

1. CreatePidFile problem

In CreatePidFile there is an array:

  char log_dir[STD_BUF + 1];

It is only referenced once in the subroutine:

  snprintf(pv.pid_path, STD_BUF, "%s/", log_dir);

I don't think it has been initialized by the time the  above code is
executed.

2. Additional switch for snort to modify the name of the pid file.

I needed to run multiple copies of snort on the same interface using
different filters and such.  The problem is the run file name just
uses the interface name (eth0, ...).  So, I figured out an unused option
character to add a small unique string to disambiguate the /var/run/snort...
filename.  (-R for runtime)

Hopefully the patch I have attached will do the job.

Thanks,

PS: Glad to see you're back on the list.

PS1: I've got Mike Fisks pattern match speed up code in hand and am trying
     to get it running with 1.8.3.  The good news is that Mike said he
     would help me as I try to get the multiple content and uricontent
     subroutines updated.  Not there yet.
       
-- 
Phil Wood, cpw at ...86...

-------------- next part --------------
diff -Naur -b snort/snort.c snort+/snort.c
--- snort/snort.c	Mon Jan  7 16:29:56 2002
+++ snort+/snort.c	Thu Jan 10 21:37:28 2002
@@ -603,6 +603,7 @@
             SNAPLEN);
     fputs("        -q         Quiet. Don't show banner and status report\n", stderr);
     fputs("        -r <tf>    Read and process tcpdump file <tf>\n", stderr);
+    fputs("        -R <suf>   Augment the /var/run filename a tad\n", stderr);
 #ifdef WIN32
     fputs("        -s <server:port> Log alert messages to syslog server (default port: 514)", stderr);
 #else
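Review bot: The usage string `Augment the /var/run filename a tad` does not say what `-R` accepts or what it produces. The option handler added later in this patch prepends a dash, rejects `/` and `..`, and accepts only 1 to 3 characters, and CreatePidFile can also place the file in the log directory rather than /var/run. A line such as `fputs("        -R <suf>   Append \"-<suf>\" to the PID file name (1-3 chars, no '/' or \"..\")\n", stderr);` would document those limits. The enclosing usage function starts and ends outside the hunk.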
@@ -678,12 +679,13 @@
     username = NULL;
     groupname = NULL;
     chrootdir = NULL;
+    pv.pidfile_suffix[0] = '\0';
 
 #ifndef WIN32
-    valid_options = "B:fk:TXL:IOCqS:pNA:m:F:DM:br:xeh:l:dc:n:P:"
+    valid_options = "R:B:fk:TXL:IOCqS:pNA:m:F:DM:br:xeh:l:dc:n:P:"
         "i:G:vV?aso6u:g:t:Uyz:";
 #else
-    valid_options = "B:fk:TXL:IOCWqS:pNA:m:F:DM:br:xeh:l:dc:n:P:"
+    valid_options = "R:B:fk:TXL:IOCWqS:pNA:m:F:DM:br:xeh:l:dc:n:P:"
         "i:G:vV?aEo6u:g:s:t:Uyzw:";
 #endif
 
@@ -1052,6 +1054,28 @@
 
                 break;
 
+            case 'R': /* augment pid file name */
+                if (strlen(optarg) < MAX_PIDFILE_SUFFIX && strlen(optarg) > 0)
+                {
+                    if (!strstr(optarg, "..") && !(strstr(optarg, "/")))
+                    {
+                        snprintf(pv.pidfile_suffix, MAX_PIDFILE_SUFFIX+2, "-%s",
+                                optarg);
+                    }
+                    else
+                    {
+                        FatalError("ERROR: illegal pidfile suffix: %s\n",
+                                optarg);
+                    }
+                }
+                else
+                {
+                    FatalError("ERROR: pidfile suffix length problem: %d\n",
+                            strlen(optarg) );
+                }
+
+                break;
+
             case 's':  /* log alerts to syslog */
                 pv.syslog_flag = 1;
                 DebugMessage(DEBUG_INIT, "Logging alerts to syslog\n");
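Review bot: In the length-error branch, `strlen(optarg)` is passed to a `%d` conversion, but strlen returns size_t, so the argument does not match the format wherever size_t is wider than int (assuming FatalError forwards to a printf-style formatter). Cast it: `FatalError("ERROR: pidfile suffix length problem: %d\n", (int) strlen(optarg));`. The filter is a denylist of `/` and `..` only, and the option is also enabled in the WIN32 option string, where `\` is a path separator too; accepting only a known-good set such as alphanumerics would be tighter. Passing `sizeof(pv.pidfile_suffix)` to snprintf instead of repeating `MAX_PIDFILE_SUFFIX+2` keeps the bound tied to the array. The enclosing switch starts and ends outside the hunk.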
@@ -2907,7 +2931,6 @@
 {
     FILE *pid_file;
     struct stat pt;
-    char log_dir[STD_BUF + 1];
 #ifdef WIN32
     char dir[STD_BUF + 1];
 #endif
@@ -2948,7 +2971,7 @@
                              "PID to log directory (%s)\n", pv.pid_path,
                               pv.log_dir);
 
-                snprintf(pv.pid_path, STD_BUF, "%s/", log_dir);
+                snprintf(pv.pid_path, STD_BUF, "%s/", pv.log_dir);
             }
         }
         else
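Review bot: The result of `snprintf(pv.pid_path, STD_BUF, "%s/", pv.log_dir)` is not checked, so a log directory path close to STD_BUF characters is silently truncated and the PID file would be created somewhere other than the path just logged. The `pv.pid_filename` call in the next hunk has the same gap: truncation there would drop the new suffix or the `.pid` extension, and two instances could end up sharing one file. Treat a negative or too-large return as fatal, e.g. `if (n < 0 || n >= STD_BUF) FatalError("ERROR: PID path too long\n");` with `n` holding the snprintf result. The declared sizes of `pv.pid_path` and `pv.pid_filename` are not visible here, so confirm STD_BUF matches them; CreatePidFile starts and ends outside the hunk.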
@@ -2968,7 +2991,8 @@
     
     LogMessage("Writing PID file to \"%s\"\n", pv.pid_path);
 
-    snprintf(pv.pid_filename, STD_BUF,  "%s/snort_%s.pid", pv.pid_path, intf);
+    snprintf(pv.pid_filename, STD_BUF,  "%s/snort_%s%s.pid", pv.pid_path, intf,
+            pv.pidfile_suffix);
 
     pid_file = fopen(pv.pid_filename, "w");
 
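Review bot: The name assembled here is handed straight to `fopen(pv.pid_filename, "w")` below, which follows a symbolic link already present at that path and truncates its target. That matters most on the fallback path, where the PID file goes to the log directory; its permissions may be looser than /var/run, though they are not visible here. On the non-WIN32 build, consider removing any stale file and then creating it exclusively: `fd = open(pv.pid_filename, O_WRONLY | O_CREAT | O_EXCL, 0644);` followed by `pid_file = (fd < 0) ? NULL : fdopen(fd, "w");`, so a pre-existing link is refused rather than followed. CreatePidFile continues outside the hunk.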
diff -Naur -b snort/snort.h snort+/snort.h
--- snort/snort.h	Wed Jan  9 05:47:18 2002
+++ snort+/snort.h	Thu Jan 10 21:17:22 2002
@@ -226,6 +226,7 @@
 #define RF_ANY_DP     0x10
 #define RF_ANY_FLAGS  0x20
 
+#define MAX_PIDFILE_SUFFIX 4
 /*
  * you may need to ajust this on the systems which don't have standard
  * paths defined
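Review bot: `MAX_PIDFILE_SUFFIX` is undocumented and does not mean what its name says. The `-R` handler in snort.c tests `strlen(optarg) < MAX_PIDFILE_SUFFIX`, so the longest accepted suffix is 3 characters, while `pidfile_suffix[MAX_PIDFILE_SUFFIX+2]` in the PV struct has room for 4 plus the dash and the terminator. Either change the test to `<=` or document the constant as written, e.g. `/* -R suffix must be shorter than this; leading '-' and NUL not counted */`. There is no overflow as written; the mismatch only makes the limit surprising.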
@@ -375,6 +376,7 @@
     int include_year;
     int ghetto_msg_flag;
     ClassTypes *ct;  /* rule classification types */
+    char pidfile_suffix[MAX_PIDFILE_SUFFIX+2]; /* allow for dash in front */
 } PV;
 
 /* struct to collect packet statistics */

