[Snort-devel] spo_csv.c - minor errors

Bill Guyton guyton at ...2389...
Thu Feb 19 06:40:09 EST 2004


In Snort-2.1.1-RC1 and the latest CVS version, (I'm upgrading from 2.0.5),
I noticed that spo_csv.c has a couple of minor errors:

1) the "src" and "dst" types are compared to the "type" variable, checking
   for up to three characters.  Following that are the "srcport" and "dstport"
   checks (also for three characters, should be 7).  But the "src" and "dst"
   types are matched beforehand.  So current default CSV output is
   "src,src,src,src" instead of "src,srcport,dst,dstport".  Need to move the
   srcport and dstport checks before the src and dst checks.

2) The dstport section is actually printing out the src port.  Needs to
   be changed.

Below is my "diff -e spo_csv.c spo_csv.c" output. On linux, I can run
"patch spo_csv.c mypatch" to make the corrections.  My apologies if this is
not the preferred format for code suggestions.

Thanks!
Bill Guyton


############## END DIFF -e ##############
399a
        else if(!strncasecmp("src", type, 3))
        {
        if(p->iph)
            fputs(inet_ntoa(p->iph->ip_src), file);
        }
        else if(!strncasecmp("dst", type, 3))
        {
        if(p->iph)
            fputs(inet_ntoa(p->iph->ip_dst), file);
        }
.
395c
                            fprintf(file, "%d", p->dp);
.
387c
        else if(!strncasecmp("dstport", type, 7))
.
364,374c
        else if(!strncasecmp("srcport", type, 7))
.
############## END DIFF ##############







More information about the Snort-devel mailing list