Fwd: [Snort-devel] Apparent bug with 'NEXT LINK MTU' output

James Hoagland hoagland at ...60...
Wed Oct 16 08:14:10 EDT 2002


Greetings,

I thought I'd re-report this bug since it is still in Snort, at least 
through 1.9.0 and what is in the CVS.  I hope it's on the to-do list 
since it is hard for alert parsers to work around it.

Best regards,

   Jim

>To: snort-devel at lists.sourceforge.net
>From: James Hoagland <hoagland at ...60...>
>Cc: hoagland at ...60...
>Subject: [Snort-devel] Apparent bug with 'NEXT LINK MTU' output
>Sender: snort-devel-admin at lists.sourceforge.net
>Date: Fri, 10 May 2002 10:12:29 -0700
>
>
>Hello all,
>
>I just stumbled across a mini-bug in PrintICMPHeader().  There is a 
>newline at the end of the output in the ICMP_FRAG_NEEDED case:
>
>                 case ICMP_FRAG_NEEDED:
>                     fprintf(fp, "FRAGMENTATION NEEDED, DF SET\n"
>                             "NEXT LINK MTU: %u\n",
>                             ntohs(p->icmph->s_icmp_nextmtu));
>                     break;
>
>In all the parallel cases (including ICMP_PKT_FILTERED, the other 
>multi-line case), there is not newline at the end.  So this would 
>seem to be a little typo.  The effect of this is that an alert is 
>not all in one paragraph, but instead there is an empty line in the 
>middle.
>
>Attached is a small patch against 1.8.7beta2.  (Or just fire up vi 
>and hit 'x' twice. :) )
>
>Kind regards,
>
>   Jim


-- 
|*      Jim Hoagland, Associate Researcher, Silicon Defense      *|
|*            --- Silicon Defense: IDS Solutions ---             *|
|*  hoagland at ...60..., http://www.silicondefense.com/  *|
|*   Voice: (530) 756-7317                 Fax: (530) 756-7297   *|
-------------- next part --------------
A non-text attachment was scrubbed...
Name: %log.c.patch
Type: application/applefile
Size: 121 bytes
Desc: not available
URL: <https://lists.snort.org/pipermail/snort-devel/attachments/20021016/47597456/attachment.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: log.c.patch
Type: application/octet-stream
Size: 400 bytes
Desc: not available
URL: <https://lists.snort.org/pipermail/snort-devel/attachments/20021016/47597456/attachment.obj>


More information about the Snort-devel mailing list