[Snort-devel] [PATCH] DAQ IPFW module packet injection fix

Lawrence Teo lteo at ...3378...
Tue Feb 26 00:00:34 EST 2013

Hello Snort dev team,

I would like to report a bug in the DAQ IPFW module and contribute a
patch that fixes it.

In DAQ 2.0.0, the ipfw_daq_inject() function in daq_ipfw.c currently
ignores the buf and len arguments that are passed to it, and instead
calls ipfw_daq_forward() with impl->buf and hdr->pktlen.

This causes packet injections to fail when Snort is used with BSD's
divert sockets.  For example, when a Snort rule that is in reject mode
is triggered, the TCP resets are never sent.

The attached patch fixes this bug and allows packet injections to work
with divert sockets again.

-------------- next part --------------
--- daq_ipfw.c.orig	Thu Sep  6 11:17:26 2012
+++ daq_ipfw.c	Mon Feb 25 23:33:08 2013
@@ -253,13 +253,13 @@ static int ipfw_daq_forward (
 static int ipfw_daq_inject (
     void* handle, const DAQ_PktHdr_t* hdr, const uint8_t* buf, uint32_t len,
     int reverse)
     IpfwImpl* impl = (IpfwImpl*)handle;
-    int status = ipfw_daq_forward(impl, hdr, impl->buf, hdr->pktlen, 0);
+    int status = ipfw_daq_forward(impl, hdr, buf, len, 0);
     if ( status == DAQ_SUCCESS )
     return status;

More information about the Snort-devel mailing list