[Snort-devel] Snort >= 2.1.3 TCP/IP options bug

Jeff Nathan jeff at ...835...
Thu Oct 14 12:43:32 EDT 2004


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Oct 14, 2004, at 11:58 AM, Evrim ULU wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Martin Roesch wrote:
> | Hey Evrim,
> |
> | It looks like it was built on a linux system so the TCP data 
> structures
> | don't map 1-to-1 over to *BSD systems.  It's also missing an include
> | file before netinet/ip.h for the definition of n_long, looks like it
> | needs in_systm.h on OS X.  Here's gcc output on my Mac (OS X 10.3.5):
> |
>
> Ok, send me the portable version then. Btw, could you post your unit
> testing framework for frag3 module. W/o unit tests i can't debug it to
> find bugs.
>
> Evrim.
>

Evrim,

Here's what we used to test the TCP/IP options bug:
http://cerberus.sourcefire.com/~jeff/tmp/poc.c

Your question re: unit tests is fantastic.  Snort needs unit tests 
throughout the entire tree.

- -Jeff

- --
Top security experts.  Cutting edge tools, techniques and information.
Tokyo, Japan   November, 2004   http://www.pacsec.jp

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (Darwin)

iD8DBQFBbrr4Eqr8+Gkj0/0RAiruAJ97hf5AarpHMCmMJo7OX2hyuzUoBACcDQbY
1HZO+/WrXxu4MAMC2HjXrN0=
=RwTi
-----END PGP SIGNATURE-----





More information about the Snort-devel mailing list