[Snort-devel] Patch for supporting remote adapters in snort

Fulvio Risso fulvio.risso at ...157...
Wed May 21 06:12:01 EDT 2003


Hello folks.

As you may have been noticed, the new WinPcap 3.0 adds support for remote
capture.
I think this could be very useful in snort as well.
The changes required to support this feature are really limited.

Below they are:



************************************************************************
File src/win32/WIN32-Code/misc.c, function print_interface() (line 127)
************************************************************************
This function must be replaced with the following code:

char *print_interface(char *szInterface)
{
static char device[128];

	/* Device always ends with a double \0, so this way to
	   determine its length should be always valid */
	if(IsTextUnicode(szInterface, wcslen((short*)szInterface), NULL))
		sprintf(device, "%ws", szInterface);
	else
		sprintf(device, "%s", szInterface);

	return(device);
}



************************************************************************
File src/win32/snort.c, function ParseCmdLine() (line 893)
************************************************************************
The piece of code in between
   #ifndef WIN32
must be replaced in order to allow specifying the complete interface name
(like in UNIX).

You have to get rid off all the code of the block
   #ifndef WIN32
   ...
   #endif

and replace with the new one:

#ifdef WIN32
                /* ifdef WIN32 */
                devicet = NULL;
                adaplen = atoi(optarg);
                if( adaplen > 0 )
                {
                    devicet = pcap_lookupdev(errorbuf);
                    if ( devicet == NULL )
                    {
                        perror(errorbuf);
                        exit(1);
                    }

                    pv.interface = GetAdapterFromList(devicet, adaplen);
                    if ( pv.interface == NULL )
                    {
                        LogMessage("Invalid interface '%d'.", atoi(optarg));
                        exit(1);
                    }


                    DEBUG_WRAP(DebugMessage(DEBUG_INIT, "Interface = %s\n",
                                PRINT_INTERFACE(pv.interface)));
                }
                else
#endif  /* WIN32 */
				/* this code handles the case in which the user specifies
				   the entire name of the interface and it is compiled
				   whatever OS you have */
				{
					pv.interface = (char *)malloc(strlen(optarg) + 1);
					/* XXX OOM check */
					strlcpy(pv.interface, optarg, strlen(optarg)+1);
					DEBUG_WRAP(DebugMessage(DEBUG_INIT,
						"Interface = %s\n",
						PRINT_INTERFACE(pv.interface)););
				}
                break;



We (the WinPcap team) will be very happy if you want to include these
patches in your next release.
Thank you very much,

	fulvio


*****************************************************************
Fulvio Risso
Dip. di Automatica e Informatica    email: fulvio.risso at ...157...
Politecnico di Torino               phone:        +39-011-5647008
Corso Duca degli Abruzzi, 24        fax:          +39-011-5647099
10129 Torino (Italia)               mobile:       +39-328-8424033
*****************************************************************






More information about the Snort-devel mailing list