[Snort-devel] New entry in Signature table for tagged packets
frank at ...2134...
Thu Nov 25 14:01:13 EST 2004
it looks like Snort creates a new entry for "Tagged Packet" in the
signature table on every tagged packet. It enters the same name, class,
priority, rev and sid each time.
I can't see any reason for this so I assume it's a bug. My guess is that
it is caused by the section in spo_database that checks if the sid is
>0. I'm unsure how to fix that though. I would recommend to enclose that
whole block in a branch that first checks if it is a valid sig or tagged
packet and then handles tagged packets like an existing sig.... in
essence using the existing sig_id in the db instead of creating a new
Frank (time-to-turkey: <2 hrs)
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 187 bytes
Desc: This is a digitally signed message part
More information about the Snort-devel