[Snort-devel] SFSnortPacket: Problem when getting packet payload
Hai Minh Nguyen
lightsea90 at ...2499...
Tue May 14 06:39:21 EDT 2013
I'm writing a dynamic preprocessor which examines all packet payload. I
found that SFSnortPacket contained 2 members: payload (pointer) and
payload_size. I used these 2 members to read packet payload. But when I
tested with those packets of a HTTP stream (definitely payload existed), it
shown that payload_size = 0 and payload != NULL. I thought if payload_size
= 0 then payload = NULL :|
1. If payload_size = 0, there's no payload, just header and payload = NULL.
Is this true? What about my case?
2. How to examine packet payload? (Is that my way right? How to fix? Any
Kiếm ma độc cô cầu bại - Ôi, một đời oanh liệt, chỉ mong được chiến bại một
lần, nhưng chưa ai qua nổi quá tam chiêu!!!
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Snort-devel