[Snort-devel] thread variables/program variables
Michael.Richardson at ...2449...
Tue Apr 6 09:49:06 EDT 2004
-----BEGIN PGP SIGNED MESSAGE-----
>>>>> "Michael" == Michael Richardson <Michael.Richardson at ...2449...> writes:
Michael> The changes/churn is extensive, but not that major. I have
Michael> generated a patch and applied it to HEAD checked out from
Michael> SF.net. The patch is at:
Michael> patch -p0 it from "snort" directory.
This patch is incomplete - it compiled, but it was wrong due to
missing/wrong prototypes. (Often the .c file didn't include the .h file!)
I found this while testing snort on Friday afternoon.
I have since been back and made sure that it compiles with
-Wmissing-prototypes -Wstrict-prototypes -Werror
There was one place where this was difficult, and this was with the
mpse code. Some of it assumes that the match function takes wants
an unsigned id, other parts assume "void *".
I changed it to be a union of the two. I think the snort code only
ever uses the void *id usage.
Having done that, I discovered in testing that the Alert*() functions
can get called with "Packet *p" == NULL. As such, p->tv will not be
available. So, the Alert*() functions grew a "TV *tv" parameter.
(having prototypes made that MUCH easier)
It seems to operate in UML test bed just fine now.
The revised patch (against CVS from Friday, since sf.net seems broken
today...) is at
Now, back to benchmarking of the SW5000.
] ON HUMILITY: to err is human. To moo, bovine. [
] Michael Richardson, Seaway Networks Corporation [
] michael at ...2449... http://www.seawaynetworks.com/ [
] panic("Just another Debian GNU/Linux using, kernel hacking, security guy"); [
This message and any attachments are intended only for the use of the
recipient(s) to which it is addressed, and may contain information that is
privileged, confidential and exempt from disclosure under applicable law.
Unless you are the addressee (or authorized to receive for the addressee),
you may not review, use, copy or disclose the message or any information
contained in the message. If you have received the message in error,
please advise the sender by reply e-mail and delete the message and any
attachments. Thank you.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: Finger me for keys
-----END PGP SIGNATURE-----
More information about the Snort-devel