[Snort-devel] Byte order problem in icmp_seq check.

Andreas Östling andreaso at ...387...
Sat Jun 22 15:33:01 EDT 2002

There seems to be an issue with the icmp_seq check in at least 1.8.7beta
build 127 and 1.9-dev build 161 on OpenBSD 3.1/i386.

In IcmpSeqCheck(), p->icmph->s_icmp_seq which is in network byte order is
compared to ((IcmpSeqData *) otn->ds_list[PLUGIN_ICMP_SEQ_CHECK])->icmpseq
which is in host byte order.

I believe this patch should fix it. (Similar to what's in

--- sp_icmp_seq_check.c Sun Jun 23 00:09:00 2002
+++ sp_icmp_seq_check.c Sun Jun 23 00:09:40 2002
@@ -133,6 +133,7 @@
     while(isspace((int)*data)) data++;

     ds_ptr->icmpseq = atoi(data);
+    ds_ptr->icmpseq = htons(ds_ptr->icmpseq);

 #ifdef DEBUG
     printf("Set ICMP Seq test value to %d\n", ds_ptr->icmpseq);

Andreas Östling

More information about the Snort-devel mailing list