[Snort-devel] Commentary and patch for snort 1.8.3

Martin Roesch roesch at ...402...
Mon Jan 14 11:17:05 EST 2002


Phil Wood wrote:
> 
> Marty,
> 
> 1. CreatePidFile problem
> 
> In CreatePidFile there is an array:
> 
>   char log_dir[STD_BUF + 1];
> 
> It is only referenced once in the subroutine:
> 
>   snprintf(pv.pid_path, STD_BUF, "%s/", log_dir);
> 
> I don't think it has been initialized by the time the  above code is
> executed.

Isn't snprintf() supposed to auto-terminate the string?

> 2. Additional switch for snort to modify the name of the pid file.
> 
> I needed to run multiple copies of snort on the same interface using
> different filters and such.  The problem is the run file name just
> uses the interface name (eth0, ...).  So, I figured out an unused option
> character to add a small unique string to disambiguate the /var/run/snort...
> filename.  (-R for runtime)
> 
> Hopefully the patch I have attached will do the job.

Ok, that looks pretty small and reasonable, I'll patch it in.

> PS: Glad to your back on the list.

Good to be back, things have been busy of late.  I'm hoping to be able
to announce some good news in the very near future. :)

> PS1: I've got Mike Fisks pattern match speed up code in hand and am trying
>      to get it running with 1.8.3.  The good news is that Mike said he
>      would help me as I try to get the multiple content and uricontent
>      subroutines updated.  Not there yet.

Oh, I'm *very* interested in this.  If you guys would like to work with
me on it I'd like to help out.  Let me know!

     -Marty


--
Martin Roesch - Founder/CEO, Sourcefire Inc. - (410)552-6999
Sourcefire: Professional Snort Sensor and Management Console appliances
roesch at ...402... - http://www.sourcefire.com  
Snort: Open Source Network IDS - http://www.snort.org




More information about the Snort-devel mailing list