[Snort-devel] SFSnortPacket: Problem when getting packet payload

Hai Minh Nguyen lightsea90 at ...2499...
Tue May 14 06:39:21 EDT 2013


I'm writing a dynamic preprocessor which examines all packet payload. I
found that SFSnortPacket contained 2 members: payload (pointer) and
payload_size. I used these 2 members to read packet payload. But when I
tested with those packets of a HTTP stream (definitely payload existed), it
shown that payload_size = 0 and payload != NULL. I thought if payload_size
= 0 then payload = NULL :|

My questions:

1. If payload_size = 0, there's no payload, just header and payload = NULL.
Is this true? What about my case?

2. How to examine packet payload? (Is that my way right? How to fix? Any
other solution?)

Kiếm ma độc cô cầu bại - Ôi, một đời oanh liệt, chỉ mong được chiến bại một
lần, nhưng chưa ai qua nổi quá tam chiêu!!!
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-devel/attachments/20130514/636d8c77/attachment.html>

More information about the Snort-devel mailing list