[Snort-devel] [PATCH] DAQ IPFW module packet injection fix
lteo at ...3378...
Tue Feb 26 00:00:34 EST 2013
Hello Snort dev team,
I would like to report a bug in the DAQ IPFW module and contribute a
patch that fixes it.
In DAQ 2.0.0, the ipfw_daq_inject() function in daq_ipfw.c currently
ignores the buf and len arguments that are passed to it, and instead
calls ipfw_daq_forward() with impl->buf and hdr->pktlen.
This causes packet injections to fail when Snort is used with BSD's
divert sockets. For example, when a Snort rule that is in reject mode
is triggered, the TCP resets are never sent.
The attached patch fixes this bug and allows packet injections to work
with divert sockets again.
-------------- next part --------------
--- daq_ipfw.c.orig Thu Sep 6 11:17:26 2012
+++ daq_ipfw.c Mon Feb 25 23:33:08 2013
@@ -253,13 +253,13 @@ static int ipfw_daq_forward (
static int ipfw_daq_inject (
void* handle, const DAQ_PktHdr_t* hdr, const uint8_t* buf, uint32_t len,
IpfwImpl* impl = (IpfwImpl*)handle;
- int status = ipfw_daq_forward(impl, hdr, impl->buf, hdr->pktlen, 0);
+ int status = ipfw_daq_forward(impl, hdr, buf, len, 0);
if ( status == DAQ_SUCCESS )
More information about the Snort-devel