[Snort-devel] Duplicate/similar struct definitions between src/decoder.h and src/dynamic_plugins/sf_engine/sf_snort_packet.h?

Joshua.Kinard at ...3108... Joshua.Kinard at ...3108...
Thu Aug 11 00:55:34 EDT 2011


Hi snort-devel,

Looking through src/decoder.h at the typedef/struct for 'Packet', a
comment says that if any changes were made, to update the similar
definition in sf_snort_packet.h.  Opening that file up, pretty much, all
the same data structures from decoder.h are duplicated, just with minor
variations (like u_int32_t versus uint32_t).

My question is why?

Wouldn't it be better to have a single, common definition in a central
header file for all the various protocol headers (IPv4, IPv6, TCP, UDP,
MPLS, etc), rather than re-defining multiple variants?  Aside from the
changes in the data types (which I am sure are just typedefs of each
other) and the names, everything looks the exact same.

Example:

src/decoder.h:
    typedef struct _UDPHdr
    {
        uint16_t uh_sport;
        uint16_t uh_dport;
        uint16_t uh_len;
        uint16_t uh_chk;
    }       UDPHdr;

src/dynamic_plugins/sf_engine/sf_snort_packet.h:
    typedef struct _UDPHeader
    {
        u_int16_t source_port;
        u_int16_t destination_port;
        u_int16_t data_length;
        u_int16_t checksum;
    } UDPHeader;

Seems wasteful, but maybe there is some kind of legacy issue that is
undocumented?

--J




More information about the Snort-devel mailing list