[Snort-users] Snort startup oddity

roel at ...47... roel at ...47...
Thu Mar 1 20:20:17 EST 2001


Avleen,

This is a side effect of getprotobynumber() used in InitProtoNames()
It basically runs 0 through 256 by getprotobynumber(), which for
every query opens and closes /etc/protocols....

See below for the code (line 2331 in snort.c in my cvs version, about a week
old.)

roel
http://www.SiliconDefense.com


void InitProtoNames()
{
    int i;
    struct protoent *pt;
    unsigned char *tmp;
    u_char protoname[11];

    for(i = 0; i < 256; i++)
    {
        pt = getprotobynumber(i);

        if(pt)
        {    
            protocol_names[i] = strdup(pt->p_name);

            tmp = protocol_names[i];

            for(tmp = protocol_names[i]; *tmp != 0; tmp++)
                *tmp = (unsigned char) toupper(*tmp);
        }    
        else
        {  
            snprintf(protoname, 10, "PROTO%03d", i);
            protocol_names[i] = strdup(protoname);
        }
    }
}







More information about the Snort-users mailing list