[Snort-devel] patch for spp_normalize.c

Gregory S Thomas greg.thomas at ...3372...
Thu Mar 13 20:05:23 EDT 2014


While adding a preprocessor to snort-2.9.6.0, I noticed some copy-and-paste errors in spp_normalize.c:

shell> grep NOT_INLINE snort-2.9.6.0.old/src/preprocessors/spp_normalize.c
#define NOT_INLINE "WARNING: %s normalizations disabled because not inline.\n"
         LogMessage(NOT_INLINE, "ip4");
         LogMessage(NOT_INLINE, "icmp4");
         LogMessage(NOT_INLINE, "ip6");
         LogMessage(NOT_INLINE, "icmp6");
         LogMessage(NOT_INLINE, "tcp");
         LogMessage(NOT_INLINE, "tcp");
         LogMessage(NOT_INLINE, "tcp");
         LogMessage(NOT_INLINE, "tcp");
         LogMessage(NOT_INLINE, "tcp");
         LogMessage(NOT_INLINE, "tcp");

The code should look like this:

shell> grep NOT_INLINE snort-2.9.6.0.new/src/preprocessors/spp_normalize.c
#define NOT_INLINE "WARNING: %s normalizations disabled because not inline.\n"
         LogMessage(NOT_INLINE, "ip4");
         LogMessage(NOT_INLINE, "icmp4");
         LogMessage(NOT_INLINE, "ip6");
         LogMessage(NOT_INLINE, "icmp6");
         LogMessage(NOT_INLINE, "tcp");
         LogMessage(NOT_INLINE, "ip4");
         LogMessage(NOT_INLINE, "icmp4");
         LogMessage(NOT_INLINE, "ip6");
         LogMessage(NOT_INLINE, "icmp6");
         LogMessage(NOT_INLINE, "tcp");

Here is a patch that corrects the errors:

diff -aur snort-2.9.6.0.old/src/preprocessors/spp_normalize.c snort-2.9.6.0.new/src/preprocessors/spp_normalize.c
--- snort-2.9.6.0.old/src/preprocessors/spp_normalize.c 2013-12-31 16:07:55.000000000 +0000
+++ snort-2.9.6.0.new/src/preprocessors/spp_normalize.c 2014-03-13 23:43:45.000000000 +0000
@@ -734,7 +734,7 @@
      if ( pc )
          Parse_IP4(sc, pc, args);
      else
-        LogMessage(NOT_INLINE, "tcp");
+        LogMessage(NOT_INLINE, "ip4");
  }
  
  static void Reload_ICMP4 (struct _SnortConfig *sc, char* args, void **new_config)
@@ -744,7 +744,7 @@
      if ( pc )
          Parse_ICMP4(pc, args);
      else
-        LogMessage(NOT_INLINE, "tcp");
+        LogMessage(NOT_INLINE, "icmp4");
  }
  
  static void Reload_IP6 (struct _SnortConfig *sc, char* args, void **new_config)
@@ -754,7 +754,7 @@
      if ( pc )
          Parse_IP6(sc, pc, args);
      else
-        LogMessage(NOT_INLINE, "tcp");
+        LogMessage(NOT_INLINE, "ip6");
  }
  
  static void Reload_ICMP6 (struct _SnortConfig *sc, char* args, void **new_config)
@@ -764,7 +764,7 @@
      if ( pc )
          Parse_ICMP6(pc, args);
      else
-        LogMessage(NOT_INLINE, "tcp");
+        LogMessage(NOT_INLINE, "icmp6");
  }
  
  static void Reload_TCP (struct _SnortConfig *sc, char* args, void **new_config)

These errors are also present in snort-2.9.7.0.alpha (because spp_normalize.c did not change).

Thanks,

Greg Thomas




More information about the Snort-devel mailing list