[Snort-devel] thread variables/program variables

Michael Richardson Michael.Richardson at ...2449...
Tue Apr 6 09:49:06 EDT 2004


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


>>>>> "Michael" == Michael Richardson <Michael.Richardson at ...2449...> writes:
    Michael> The changes/churn is extensive, but not that major. I have
    Michael> generated a patch and applied it to HEAD checked out from
    Michael> SF.net. The patch is at:
    Michael> http://www.sandelman.ca/SSW/seaway/snort1.patch.gz

    Michael>       patch -p0 it from "snort" directory.

  This patch is incomplete - it compiled, but it was wrong due to
missing/wrong prototypes. (Often the .c file didn't include the .h file!)

  I found this while testing snort on Friday afternoon.
  I have since been back and made sure that it compiles with
     -Wmissing-prototypes -Wstrict-prototypes -Werror

  There was one place where this was difficult, and this was with the
mpse code. Some of it assumes that the match function takes wants
an unsigned id, other parts assume "void *".

  I changed it to be a union of the two. I think the snort code only
ever uses the void *id usage.

  Having done that, I discovered in testing that the Alert*() functions
can get called with "Packet *p" == NULL.  As such, p->tv will not be
available. So, the Alert*() functions grew a "TV *tv" parameter.
  (having prototypes made that MUCH easier)

  It seems to operate in UML test bed just fine now.

  The revised patch (against CVS from Friday, since sf.net seems broken
today...) is at
    http://www.sandelman.ca/SSW/seaway/snort-2004-04-06.patch.gz

  Now, back to benchmarking of the SW5000.

- --
]       ON HUMILITY: to err is human. To moo, bovine.                         [
]   Michael Richardson,            Seaway Networks Corporation                [
]   michael at ...2449...     http://www.seawaynetworks.com/             [
] panic("Just another Debian GNU/Linux using, kernel hacking, security guy"); [

   This message and any attachments are intended only for the use of the       
   recipient(s) to which it is addressed, and may contain information that is  
   privileged, confidential and exempt from disclosure under applicable law.   
   Unless you are the addressee (or authorized to receive for the addressee),  
   you may not review, use, copy or disclose the message or any information    
   contained in the message. If you have received the message in error,        
   please advise the sender by reply e-mail and delete the message and any     
   attachments. Thank you.                                                     

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: Finger me for keys

iD8DBQFAct8Y22r3dfT9QZERApKOAKDKKA7XI95ND1G7JrqLxH8K4kbr2ACggk8K
4S7EsCKvS0vaUpLuzt20klU=
=7IoF
-----END PGP SIGNATURE-----




More information about the Snort-devel mailing list