[Snort-devel] [PATCH] DAQ IPFW module packet injection fix

Hui Cao hcao at ...402...
Tue Feb 26 10:21:38 EST 2013


HI Lawrence,

Thanks for reporting this and providing a patch. We will address this issue.

Thanks,
Hui.

On Tue, Feb 26, 2013 at 12:00 AM, Lawrence Teo <lteo at ...3378...> wrote:
> Hello Snort dev team,
>
> I would like to report a bug in the DAQ IPFW module and contribute a
> patch that fixes it.
>
> In DAQ 2.0.0, the ipfw_daq_inject() function in daq_ipfw.c currently
> ignores the buf and len arguments that are passed to it, and instead
> calls ipfw_daq_forward() with impl->buf and hdr->pktlen.
>
> This causes packet injections to fail when Snort is used with BSD's
> divert sockets.  For example, when a Snort rule that is in reject mode
> is triggered, the TCP resets are never sent.
>
> The attached patch fixes this bug and allows packet injections to work
> with divert sockets again.
>
> Regards,
> Lawrence
>
> ------------------------------------------------------------------------------
> Everyone hates slow websites. So do we.
> Make your web apps faster with AppDynamics
> Download AppDynamics Lite for free today:
> http://p.sf.net/sfu/appdyn_d2d_feb
> _______________________________________________
> Snort-devel mailing list
> Snort-devel at lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/snort-devel
> Archive:
> http://sourceforge.net/mailarchive/forum.php?forum_name=snort-devel
>
> Please visit http://blog.snort.org for the latest news about Snort!




More information about the Snort-devel mailing list